Hi
I agree with the point mentioned in this comment that we should not allow the POST /package API from the browser by default as it modifies the system.
However, I am not very convinced with the approach we are taking to disable this feature from a browser.
Impact of no cors-
Difficult POC: We'll need NGINX or similar proxy servers to manipulate headers. This initially demands resources/time/effort which drops the motivation of the adoption of Piston.
Proposed Solution:
We can control CORS from the Piston config, disabled by default (current behavior). However, we can discuss enabling it in docker-compose.dev.yml.
In case we really want to be careful with the POST /packages API-
We can enable this feature (POST /packages endpoint) based on a config.
Or we decouple the system-impacting feature from the user-facing endpoint list. We can provide a small script-like tool to install a package manually inside the /piston/packages dir.
In case we can conclude on this, I'll be happy to contribute to the implementation :-)
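A sketch of the two switches proposed above, as an added example that is not part of the original issue and is not Piston's code: CORS from an origin allowlist that is empty by default, and a separate server-side gate for writes to /packages. The config keys `cors_allowed_origins` and `enable_package_writes`, the `decide` function and the request shape are assumptions made for illustration.

```javascript
// Added illustration. Config keys are hypothetical, not Piston's real options.
const DEFAULTS = Object.freeze({
  cors_allowed_origins: [],     // empty list: no CORS headers at all (today's behaviour)
  enable_package_writes: false, // gates state-changing calls on /packages
});
const SAFE_METHODS = new Set(['GET', 'HEAD', 'OPTIONS']);

// Canonical scheme://host[:port], or null for "null", garbage, or non-http(s) origins.
function normalizeOrigin(value) {
  try {
    const u = new URL(String(value));
    return u.protocol === 'http:' || u.protocol === 'https:' ? u.origin : null;
  } catch {
    return null;
  }
}

function isPackageWrite(method, path) {
  return path.replace(/\/+$/, '').endsWith('/packages') && !SAFE_METHODS.has(method);
}

// req: { method, path, origin, requestedMethod } -> { status, headers }
// status null means "pass the request on to the real handler".
function decide(config, req) {
  const cfg = { ...DEFAULTS, ...config };
  const method = req.method.toUpperCase();
  const headers = {};
  // Enforcement lives on the server: CORS only controls what a browser may read,
  // so the write gate must not depend on the Origin header.
  if (isPackageWrite(method, req.path) && !cfg.enable_package_writes) {
    return { status: 403, headers };
  }
  const origin = normalizeOrigin(req.origin);
  const allowed = cfg.cors_allowed_origins.map(normalizeOrigin);
  if (origin === null || !allowed.includes(origin)) {
    return { status: method === 'OPTIONS' ? 204 : null, headers };
  }
  headers['Access-Control-Allow-Origin'] = origin; // exact echo, never "*"
  headers['Vary'] = 'Origin';
  if (method !== 'OPTIONS') return { status: null, headers };
  // Preflight: advertise only methods this deployment will actually accept.
  const wanted = String(req.requestedMethod || '').toUpperCase();
  const ok = ['GET', 'POST'].includes(wanted) &&
    !(isPackageWrite(wanted, req.path) && !cfg.enable_package_writes);
  if (ok) {
    headers['Access-Control-Allow-Methods'] = wanted;
    headers['Access-Control-Allow-Headers'] = 'Content-Type';
  }
  return { status: 204, headers };
}
```

With both keys left at their defaults the result matches the current behaviour for browsers (no CORS headers) and additionally refuses package writes from any client.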