Add CORS headers to dream server to ease integration with third-party web interfaces#363
Merged
Merged
Conversation
pip3 version did not work for me and this is the recommended way to install Anaconda now it seems
* fix img2img variations * fix assert for variation_amount
lstein
approved these changes
Sep 4, 2022
Collaborator
lstein
left a comment
lstein
left a comment
There was a problem hiding this comment.
Tested and works as advertised. Thank you.
Contributor
|
I really don't think this should be on by default. This means that any website you visit can talk to the web UI, including submitting requests. That's certainly not something I'd expect to happen without opting in, and it's also something we'd almost certainly for which we'd want to have much stricter auditing of the security of the code before enabling at all (imagine if this went in before #133). The cross-origin restrictions are a security feature and there's good reason they're on by default. |
Contributor
|
I think this would be better as a CLI argument |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I am tinkering on a project that explores some additional functionality for the web interface such as prompt queueing. Projects like these (where dev servers and deployed versions run on a different host or port than the stable-diff embedded web server) are currently suffering from failing preflight requests and additional CORS errors, since the server does not provide appropriate header responses.
This PR adds the
Access-Control-Allow-OriginandAccess-Control-Allow-HeadersCORS headers to the appropriate responses, as well as adds theOPTIONHTTP method for preflight requests.