Skip to content
This repository has been archived by the owner on Apr 16, 2019. It is now read-only.

IPFS and CORS

Jump to bottom
Herman Junge edited this page Nov 18, 2016 · 3 revisions

We will teach you,

Configuration of CORS

You can do it from the console before starting your IPFS daemon:

ipfs init
ipfs config Addresses.API /ip4/0.0.0.0/tcp/5001
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["http://infurarocks.com"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["PUT", "GET", "POST"]'

If you want to accept all domains, replace http://infurarocks.com with *.

Init your IPFS daemon

ipfs daemon

Testing your configuration

Using curl, you can answer yourself that question:

To illustrate the example, we will suppose that the API only accept calls to http://infurarocks.com

# Bad request example
# Replace the address and port of the daemon conveniently

curl -H "Origin: http://not-infura.com" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
--verbose \
http://0.0.0.0:5001/api/v0/swarm/peers; echo

Will give you something like

*   Trying 0.0.0.0...
* Connected to 0.0.0.0 (127.0.0.1) port 5001 (#0)
> GET /api/v0/swarm/peers HTTP/1.1
> Host: 0.0.0.0:5001
> User-Agent: curl/7.50.1
> Accept: */*
> Origin: http://not-infura.com
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: X-Requested-With
>
< HTTP/1.1 403 Forbidden
< Date: Mon, 12 Sep 2016 07:16:46 GMT
< Content-Length: 15
< Content-Type: text/plain; charset=utf-8
<
* Connection #0 to host 0.0.0.0 left intact
403 - Forbidden

Now, for a proper domain (http://infurarocks.com):

# Good request example
# Replace the address and port of the daemon conveniently

curl -H "Origin: http://infurarocks.com" \
-H "Access-Control-Request-Method: POST" \
-H "Access-Control-Request-Headers: X-Requested-With" \
--verbose \
http://0.0.0.0:5001/api/v0/swarm/peers; echo

You will get

> GET /api/v0/swarm/peers HTTP/1.1
> Host: 0.0.0.0:5001
> User-Agent: curl/7.50.1
> Accept: */*
> Origin: http://infurarocks.com
> Access-Control-Request-Method: POST
> Access-Control-Request-Headers: X-Requested-With
>
< HTTP/1.1 200 OK
< Access-Control-Allow-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
< Access-Control-Allow-Origin: http://infurarocks.com
< Access-Control-Expose-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
< Content-Type: application/json
< Server: go-ipfs/0.4.2
< Trailer: X-Stream-Error
< Vary: Origin
< Date: Mon, 12 Sep 2016 07:19:27 GMT
< Transfer-Encoding: chunked
<
{"Strings":["/ip4/104.131.131.82/tcp/4001/ipfs/QmaCpDMGvV2BGHeYERUEnRQAwe3N8SzbUtfsmvsqQLuvuJ","/ip4/104.236.179.241/tcp/4001/ipfs/QmSoLPppuBtQSGwKDZT2M73ULpjvfd3aZ6ha4oFGL1KrGM","/ip4/104.236.76.40/tcp/4001/ipfs/QmSoLV4Bbm51jM9C4gDYZQ9Cy3U6aXMJDAbzgu2fzaDs64","/ip4/107.170.183.188/tcp/4001/ipfs/QmUj1nhB7j5cACy9gA9yEcxNJsHTt4LKNgw1RhuiJM9hXU","/ip4/139.59.242.36/tcp/4001/ipfs/QmWbHo1ddCjPx945BkpKjp1ap6SBzknC8GNCRGs1QNU8up","/ip4/162.243.248.213/tcp/4001/ipfs/QmSoLueR4xBeUbY9WZ9xGUUxunbKWcrNFTDAadQJmocnWm","/ip4/163.172.144.207/tcp/4001/ipfs/QmPHYb63UN3vPMTDNqGJ1PQGzhxUrdaQjEGzvwzR7QTqnJ","/ip4/169.47.12.2/tcp/4001/ipfs/QmetLDZ55on5sGQiDUxNCFaXmWY8Pw24SA2HF5o5v9sotd","/ip4/178.62.107.36/tcp/4001/ipfs/QmNQsK1Tnhe2Uh2t9s49MJjrz7wgPHj4VyrZzjRe8dj7KQ","/ip4/178.62.158.247/tcp/4001/ipfs/QmSoLer265NRgSp2LA3dPaeykiS1J6DifTC88f5uVQKNAd","/ip4/178.62.61.185/tcp/4001/ipfs/QmSoLMeWqB7YGVLJN3pNLQpmmEk35v6wYtsMGLzSr5QBU3","/ip4/193.73.242.7/tcp/4001/ipfs/QmQCeB5Sn4uw88HCG3nScHu1Qf4w5GTooSheAYHPpEMfaX","/ip4/195.154.14.157/tcp/4001/ipfs/QmYqXsApqs4BwU1eLBDMjV9XYeP4XCgjZgw2UYrJh1GAK3","/ip4/212.71.255.148/tcp/4001/ipfs/QmX4bukpF7jFEnyrAEZtsUchCbaCxsu2GEBH4GoZwfgASd","/ip4/51.254.25.17/tcp/4002/ipfs/QmdKbeXoXnMbPDfLsAFPGZDJ41bQuRNKALQSydJ66k1FfH","/ip4/52.204.245.162/tcp/4001/ipfs/QmZyJVCp2in8YfQrcj6Ahyyw3CwNKHZZbc7nMvVQov19m5","/ip4/63.152.95.125/tcp/4001/ipfs/Qme9kKrtmLQHy8RGYbVZQEsg1GC7DTgrTkmupR1s8Y4a52","/ip4/65.19.134.242/udp/4001/utp/ipfs/QmTtyvp3nBk6v7aPdNjGrm7MNwtGDpZzjycYpFD8Cijtb1","/ip4/66.11.119.165/tcp/4001/ipfs/QmZ5qTkNvvZ5eFq9T4dcCEK7kX8L7iysYEpvQmij9vokGE","/ip4/84.22.115.40/tcp/4001/ipfs/QmfPZcnVAEjXABiA7StETRUKkS8FzNt968Z8HynbJR7oci"]}
* Connection #0 to host 0.0.0.0 left intact

Testing your Gateway GET CORS Configuration

To make the gateway accept CORS headers, we don't use <gatewayURL>/ipfs/<hash>.

We use instead api/v0/cat?arg=.

For example, if we want the example QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme to be shown, we'd do

curl \
    -H "Origin: http://infurarocks.com" \
    -H "Access-Control-Request-Method: GET" \
    -H "Access-Control-Request-Headers: X-Requested-With" \
    -H "Cache-Control: no-cache" \
    --verbose https://ipfs.infura.io/api/v0/cat?arg=QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme

We can see the response, it should be something like

*   Trying 13.68.221.30...
* Connected to ipfs.infura.io (13.68.221.30) port 443 (#0)
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
* Server certificate: ipfs.infura.io
* Server certificate: Let's Encrypt Authority X3
* Server certificate: DST Root CA X3
> GET /api/v0/cat?arg=QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme HTTP/1.1
> Host: ipfs.infura.io
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://infurarocks.com
> Access-Control-Request-Method: GET
> Access-Control-Request-Headers: X-Requested-With
> Cache-Control: no-cache
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.0
< Date: Fri, 18 Nov 2016 15:32:39 GMT
< Content-Type: text/plain
< Transfer-Encoding: chunked
< Connection: keep-alive
< Access-Control-Allow-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
< Access-Control-Allow-Origin: http://infurarocks.com
< Access-Control-Expose-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
< Trailer: X-Stream-Error
< Vary: Origin
< X-Content-Length: 1091
< X-Stream-Output: 1
< Cache-Control: max-age=31536000
<
Hello and Welcome to IPFS!

██╗██████╗ ███████╗███████╗
██║██╔══██╗██╔════╝██╔════╝
██║██████╔╝█████╗  ███████╗
██║██╔═══╝ ██╔══╝  ╚════██║
██║██║     ██║     ███████║
╚═╝╚═╝     ╚═╝     ╚══════╝

If you're seeing this, you have successfully installed
IPFS and are now interfacing with the ipfs merkledag!

 -------------------------------------------------------
| Warning:                                              |
|   This is alpha software. Use at your own discretion! |
|   Much is missing or lacking polish. There are bugs.  |
|   Not yet secure. Read the security notes for more.   |
 -------------------------------------------------------

Check out some of the other files in this directory:

  ./about
  ./help
  ./quick-start     <-- usage examples
  ./readme          <-- this file
  ./security-notes
* Connection #0 to host ipfs.infura.io left intact

And we notice that the Access-Control-Allow-Origin: http://infurarocks.com headers is returned.

TIP: Sometimes, by the way, we would want to do our verbose experiments without downloading the file, well, in that case, invoke curl with the options -sD- -o /dev/null

Example

curl -sD - -o /dev/null -H "Origin: http://infurarocks.com" -H "Access-Control-Request-Method: GET" -H "Access-Control-Request-Headers: X-Requested-With" -H "Cache-Control: no-cache" https://ipfs.infura.io/api/v0/cat?arg=QmYwAPJzv5CZsnA625s3Xf2nemtYgPpHdWEz79ojWnPbdG/readme; echo

Which will return you

HTTP/1.1 200 OK
Server: nginx/1.10.0
Date: Fri, 18 Nov 2016 15:36:02 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
Access-Control-Allow-Origin: http://infurarocks.com
Access-Control-Expose-Headers: X-Stream-Output, X-Chunked-Output, X-Content-Length
Trailer: X-Stream-Error
Vary: Origin
X-Content-Length: 1091
X-Stream-Output: 1
Cache-Control: max-age=31536000

Home

IPFS

Go Ethereum

Clone this wiki locally