<![CDATA[CORS for Surfer]]>Hello!

I've recently discovered the beauty that is Surfer and am already using it for multiple different purposes.

I've just come across a use case where I need CORS from my Surfer instance. I know the basics of CORS but don't know too much about the in-depth details of it to know what I'm specifically looking for (in the way of implementation). I am able to access my file just fine through a new tab for example, but when I need a separate web service to access these files, I get the following errors in the console. Thoughts? Has anyone come across this before? Wondering if I could even leverage the Security settings somehow to enable this?

9c44d403-4d21-4fad-bc99-0834bc22fb5a-image.png

]]>https://forum.cloudron.io/topic/3765/cors-for-surferRSS for NodeMon, 20 Apr 2026 15:18:44 GMTFri, 20 Nov 2020 23:42:24 GMT60<![CDATA[Reply to CORS for Surfer on Mon, 23 Nov 2020 23:07:21 GMT]]>This is added to the just released version. Please let me know if it does not work for your use-case.

]]>https://forum.cloudron.io/post/19833https://forum.cloudron.io/post/19833Mon, 23 Nov 2020 23:07:21 GMT<![CDATA[Reply to CORS for Surfer on Tue, 24 Nov 2020 03:11:16 GMT]]>@mehdi @nebulon it was the right URL, but that doesn't mean I'm not an idiot 🙂 I forgot to actually update the app to the latest version with CORS compatibility 😅

After an update, all is working as expected! Appreciate the help and quick turn around!

[can mark as resolved]

]]>https://forum.cloudron.io/post/19850https://forum.cloudron.io/post/19850Tue, 24 Nov 2020 03:11:16 GMT<![CDATA[Reply to CORS for Surfer on Tue, 24 Nov 2020 00:37:27 GMT]]>@thetomester13 Are you absolutely sure of the URL you are trying to load? The OPTION request gives a 404 (and the other error seems to be Firefox not liking a cross-domain 404 or something).

]]>https://forum.cloudron.io/post/19841https://forum.cloudron.io/post/19841Tue, 24 Nov 2020 00:37:27 GMT<![CDATA[Reply to CORS for Surfer on Tue, 24 Nov 2020 00:24:56 GMT]]>@nebulon amazing!

However, not sure this solved my particular use case 😕
This is what I'm seeing now in the Networking tab:
Screen Shot 2020-11-23 at 7.21.19 PM.png
Viewing the file I'm trying to access directly works without a problem, and obviously something changed since the errors are different.

That being said, I'm about to try and tackle this problem through another way, so I'm not too worried about this specific use case. If you are curious, I'm happy to help debug on my end though.

]]>https://forum.cloudron.io/post/19837https://forum.cloudron.io/post/19837Tue, 24 Nov 2020 00:24:56 GMT<![CDATA[Reply to CORS for Surfer on Mon, 23 Nov 2020 23:07:21 GMT]]>This is added to the just released version. Please let me know if it does not work for your use-case.

]]>https://forum.cloudron.io/post/19833https://forum.cloudron.io/post/19833Mon, 23 Nov 2020 23:07:21 GMT<![CDATA[Reply to CORS for Surfer on Sat, 21 Nov 2020 12:54:59 GMT]]>@nebulon You could enable CORS only for the served files, not for the API.

]]>https://forum.cloudron.io/post/19668https://forum.cloudron.io/post/19668Sat, 21 Nov 2020 12:54:59 GMT<![CDATA[Reply to CORS for Surfer on Sat, 21 Nov 2020 09:18:38 GMT]]>Given that the API would be accessed via a token, I don't see much risk here to enable CORS. I will do so in the next surfer release then.

]]>https://forum.cloudron.io/post/19664https://forum.cloudron.io/post/19664Sat, 21 Nov 2020 09:18:38 GMT<![CDATA[Reply to CORS for Surfer on Sat, 21 Nov 2020 00:40:27 GMT]]>@thetomester13 I will let @nebulon decide if there are any security issue to allow this (or not). But of course a workaround is simply to proxy the surfer API calls via your backend. These days some privacy extensions also block some api calls to 3rd party sites (which are not a subdomain of the site you browse).

]]>https://forum.cloudron.io/post/19646https://forum.cloudron.io/post/19646Sat, 21 Nov 2020 00:40:27 GMT