-
Notifications
You must be signed in to change notification settings - Fork 42
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Possibly add CORS middleware #159
Comments
This looks like it would be easy enough to set up for us, would our whitelist include just the OPTiMaDe providers as discussed in the linked issue? |
Don't know. I will let you take this issue, if you want. I just saw the discussion on the spec repo and added it here for reference :) By the way it seems the PR Materials-Consortia/OPTIMADE#140 is the one that implements it in the spec. |
You’re using a free Heroku account, right? |
@ltalirz is the one to ask, but I assume so... |
yes, using a free heroku account. if such a server is in demand, we can make another instance that is deployed independently with sufficient resources. Let me know - I'd then simply ask @gmrigna for a redirect of something like P.S. If people want this server on "neutral ground", we can also collect some money together for hosting it on heroku, where multiple people can easily have access to deployment and stats. |
Thanks for clarification! I have deployed the CORS-bypassing proxy at the Heroku, one can see how it works:
Result: no CORS header
Result: CORS header is present: @ltalirz given we deploy it from the Optimade org github, could we reserve an org sub-domain for it? e.g. cors.optimade.org (SSL cert is needed). PS |
Nice!
I'm sure that is possible - as mentioned we should just ask @gmrigna to add a corresponding DNS entry - in this case it would be:
hm... should we really be doing that? For testing a free account is fine but if we really want to advertise this URL publicly, I guess we can afford to pay (or just use server resources from some of the many optimade partners) |
Overcoming the 30-minutes Heroku limit is not a problem at all. Any monitoring solutions (there are plenty of them, free) simply ping the app regularly. Obviously, Heroku understands that very well, but it's a kind of grey zone, they can neither prohibit it, nor encourage. |
Okay, Heroku wants $84 / year for a possibility to use a free SSL cert. Bye-bye Heroku (and its 30-minutes limit) and servus Zeit! It supports gh, custom domains, and gives you the SSL cert, all for free. The free limits are also quite tasty. I transferred a CORS-bypassing server repo under the Optimade gh org, and deployed it at the Zeit platform from there at https://cors.optimade.science. @gmrigna could we use https://cors.optimade.org for that? It's enough to add just two DNS records, CNAME and TXT. |
UPD: Zeit does not support |
I have asked our system administrator a few days ago... and I am still waiting for the answer (I will send a reminder). |
Great! https://cors.optimade.org (source) is now fully operational. |
This issue is not whether or not to add CORS to heroku or providers.optimade.org, but rather if it should be added by default to the the server implementation in this repository. |
This CORS proxy is now heavily used by the Sky-Scanner web-app https://optimade.science |
Considering this issue Materials-Consortia/OPTIMADE#249 and PR Materials-Consortia/OPTIMADE#105 in the spec repo, it may be good to know that
Starlette
have aCORSMiddleware
class.Edit:
FastAPI
also has its own tutorial on this.The text was updated successfully, but these errors were encountered: