How to enable CORS headers with terracotta serve?

[j08lue]

When trying the new terracotta preview against a locally run terracotta serve, I get errors because of missing CORS headers.

This issue is popping up now, because the new preview app is using Mapbox as a map provider instead of Leaflet and data is now loaded programmatically instead of just pasting the PNG links into the browser (which do not requite CORS headers). Anways.

I tried to set TC_ALLOWED_ORIGINS_TILES and can see that it gets included in the config at runtime, but somehow that did not help?

[j08lue]

Never mind. It works with the env var. Maybe I had something cached somewhere or so.

[dionhaefner]

Shouldn't we fix this for everyone by changing the default, then?

[j08lue]

Shouldn't we fix this for everyone by changing the default, then?

Yes! Do you mean the default for terracotta serve or the app in general?

We are mostly using Mapbox to load TC layers (sometimes with Deck.gl) these days, so we always need that. Others might not, of course... Hard to tell which is better. I would perhaps prefer to make * the default, then fewer people will encounter bumps.

[dionhaefner]

I mean adding localhost to allowed origins, so the use case terracotta serve && terracotta connect always works. I wouldn't allow all by default.

[j08lue]

I'll test whether localhost and/or 127.0.0.1 works, also in Chrome... https://stackoverflow.com/questions/10883211/why-does-my-http-localhost-cors-origin-not-work

[chapmanjacobd]

yeah adding localhost by default makes a lot more sense than having no default since modern browsers seem to block localhost requests which have no CORS header set; at least in Firefox