CORS and cache issues with Block GETs #121

Open
RangerMauve opened this issue Nov 16, 2022 · 1 comment
Labels
kind/bug A bug in existing code (including security flaws) need/triage Needs initial labeling and prioritization


@RangerMauve

I'm using the Accept: application/vnd.ipld.block feature of the gateway in order to download a single block for a root of a file tree.

The initial issue I was having was with cache-enabled requests not being able to load blocks. Specifically, it was happening in Node.js' built-in undici API.

response = await fetch('https://bafkreiffsgtnic7uebaeuaixgph3pmmq2ywglpylzwrswv5so7m23hyuny.ipfs.w3s.link/', {
    headers: {Accept: 'application/vnd.ipld.raw'}
})

console.log(response.headers.get('Content-Type'))
console.log(await response.text())

Running the above in Chrome devtools yields application/vnd.ipld.car, but yields text/plain; charset=ISO-8859-1 when in Node.js.

response = await fetch('https://bafkreiffsgtnic7uebaeuaixgph3pmmq2ywglpylzwrswv5so7m23hyuny.ipfs.w3s.link/', {
    cache: 'no-cache',
    headers: {Accept: 'application/vnd.ipld.raw'}
})

console.log(response.headers.get('Content-Type'))
console.log(await response.text())

Setting the cache parameter to no-cache fixes it which leads me to think it's something to do with caching.

In Firefox, when I try to trigger the request from the devtools, it all works correctly, however when I do so with code I get a CORS error for the preflight request.

await fetch("https://w3s.link/ipfs/bafybeic3zi46caikdvukly7xwnjrecbvmllafvopvlyw6ylt3oeht7h5om/", {
    "credentials": "omit",
    "headers": {
        "User-Agent": "Mozilla/5.0 (X11; Linux x86_64; rv:106.0) Gecko/20100101 Firefox/106.0",
        "Accept": "*/*",
        "Accept-Language": "en-US,en;q=0.5",
        "Sec-Fetch-Dest": "empty",
        "Sec-Fetch-Mode": "cors",
        "Sec-Fetch-Site": "cross-site"
    },
    "referrer": "http://localhost:8000/",
    "method": "OPTIONS",
    "mode": "cors"
});

Yields Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://w3s.link/ipfs/bafybeic3zi46caikdvukly7xwnjrecbvmllafvopvlyw6ylt3oeht7h5om/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 500. with the following response headers:

HTTP/2 500 Internal Server Error
date: Wed, 16 Nov 2022 21:17:53 GMT
content-type: text/html; charset=UTF-8
x-frame-options: SAMEORIGIN
referrer-policy: same-origin
cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
expires: Thu, 01 Jan 1970 00:00:01 GMT
cf-ray: 76b3418b4f971a0f-EWR
server: cloudflare
X-Firefox-Spdy: h2

It feels like there might be something funky going on with CORS not being set? I'm a little stuck as to how I could work around this. 😅 It really looks like it's just preflight requests that aren't working.

@RangerMauve RangerMauve added kind/bug A bug in existing code (including security flaws) need/triage Needs initial labeling and prioritization labels Nov 16, 2022
@vasco-santos
Contributor

> Setting the cache parameter to no-cache fixes it which leads me to think it's something to do with caching.

Cache might actually have issues until we sort out the issue of some gateways not supporting these new features, as a request might be addressed by a party not supporting it and then we cache "invalid" content.

> It feels like there might be something funky going on with CORS not being set? I'm a little stuck as to how I could work around this. 😅 It really looks like it's just preflight requests that aren't working.

Is this happening from localhost only @RangerMauve ?
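The two symptoms reported in this thread, a preflight answered with status 500 and no Access-Control-Allow-Origin, and a response whose Content-Type is not the type named in Accept, can each be checked mechanically. The following is an added example, not code from the issue or from the project; the function names are hypothetical, the sample object is constructed from the response headers quoted in the issue, and the check assumes a request sent without credentials, as in the quoted fetch call.

```javascript
// Constructed sample: subset of the preflight response headers quoted in the issue.
const reportedPreflight = {
  status: 500,
  headers: {
    'content-type': 'text/html; charset=UTF-8',
    'x-frame-options': 'SAMEORIGIN',
    'referrer-policy': 'same-origin',
    server: 'cloudflare',
  },
};

// Split a comma-separated header value into trimmed items.
const list = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

// Hypothetical helper: returns the reasons a browser would reject this preflight
// response for a credential-less request. An empty array means it would pass.
function preflightFailures(res, { origin, method = 'GET', unsafeHeaders = [] }) {
  const h = Object.fromEntries(
    Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const reasons = [];
  if (res.status < 200 || res.status > 299) reasons.push(`status ${res.status} is not 2xx`);
  const acao = h['access-control-allow-origin'];
  if (acao === undefined) reasons.push('Access-Control-Allow-Origin missing');
  else if (acao !== '*' && acao !== origin) reasons.push('Access-Control-Allow-Origin mismatch');
  // GET, HEAD and POST never need to be listed; other methods must be.
  const methods = list(h['access-control-allow-methods']);
  if (!['GET', 'HEAD', 'POST'].includes(method) &&
      !methods.includes('*') && !methods.includes(method)) {
    reasons.push(`method ${method} not allowed`);
  }
  // Header names compare case-insensitively; '*' does not cover Authorization.
  const allowed = list(h['access-control-allow-headers']).map((s) => s.toLowerCase());
  for (const name of unsafeHeaders.map((s) => s.toLowerCase())) {
    const wildcard = allowed.includes('*') && name !== 'authorization';
    if (!allowed.includes(name) && !wildcard) reasons.push(`header ${name} not allowed`);
  }
  return reasons;
}

// Hypothetical helper: true when the response media type is the one Accept named.
// A false result on a cacheable response is the "invalid" cached content case.
function servedRequestedType(accept, contentType) {
  const essence = (v) => (v || '').split(';')[0].trim().toLowerCase();
  return essence(accept) === essence(contentType);
}
```

Run against `reportedPreflight` with origin `http://localhost:8000`, the first function reports both the non-2xx status and the missing header, either of which is enough for the browser to block the request.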
