I am building a webapp and would like to be able to connect to a local daemon if possible. However when trying to connect to localhost:5001 for the API I run into the CORS issue. Ideally I wouldn’t have to ask my users to change their IPFS daemon settings to allow CORS, does anyone know a way to modify the outgoing headers of the ipfs-http-client to change the origin or some other CORS solution?
I’d like to provide the site’s visitor’s the option to pin the site to their node as a show of support, this is especially useful if they have a daemon that is always on (e.g. IPFS desktop). Plus the IPFS HTTP API is a much smaller package to provide when loading. Maybe I’m thinking about this wrong.
We’ve disabled the window.ipfs experiment some time ago because it exposed regular JS API that caused breaking changes due to async await refactor (not to mention user fingerprinting issues).
It may come back in some shape or form, but it will be a much smaller and more robust subset of APIs. Exposing full API on the web is too risky, we need to be very careful and follow the security model on the web, and we need a versioned, stable web-specific API to avoid issues like the one linked above.
If you are interested in following this problem space, we are tracking it in:
@logasja regarding your use case specifically (“option to pin the site to show support”), we will have an improved flow for that in browser extension at some point (details), removing the need to trust website with access to the API.