This issue requests wildcard support in the CORS Access-Control-Allow-Origin header in Daemon RPC. Doing so would allow web apps to query a Monero daemon to enable fully client-side web wallets. Since the daemon is a neutral provider of information about the Monero blockchain, I see no reason for it to discriminate against clients by not allowing web clients.
Related: #2408, #1677
Good idea if there is a command line switch and it is off by default (as mentioned on IRC).
Otherwise public nodes could be easily DDoSed by malicious websites (e.g., XSS on a popular website).
--rpc-access-control-origin is already an option, but there is no wildcard support. Are there some use cases where specifying the domain is too difficult, or...?
@vtnerd The use case is for a web wallet to choose from multiple publicly available daemons, no different from how Cake Wallet, etc. work. I suppose the additional risk is websites may DoS a daemon, but all daemons do is serve publicly available information, and I don't see why we should restrict daemons from doing that if they choose to.
I support this. We need wildcard support for web based wallets like monero-javascript wasm wallet.
Would love to see this for more awesome browser based non-custodial Monero services!