From 0d3f40db54dd7bbf37c9d61f506d812e906225b2 Mon Sep 17 00:00:00 2001 From: "Justin (shocknet)" <34176400+shocknet-justin@users.noreply.github.com> Date: Sun, 16 Jun 2024 14:18:23 -0400 Subject: [PATCH 1/4] Access-Control-Allow-Origin --- 01.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/01.md b/01.md index 28bbc07..125aff7 100644 --- a/01.md +++ b/01.md @@ -35,6 +35,10 @@ Once `LNURL` is decoded: Neither status codes or any HTTP Header has any meaning. Servers may use whatever they want. Clients should ignore them (and be careful when using libraries that treat responses differently based on headers and status codes) and just parse the response body as JSON, then interpret it accordingly. +## CORS Browser Compatibility + +Reverse proxies or application endpoints must use the CORS Header `Access-Control-Allow-Origin: *` for LNURL's to work with browser-based wallets, services and other webapps. + ## Decoding examples In Scala: From 90014ddb9668c68c70167b8e6407e6297fefd7d0 Mon Sep 17 00:00:00 2001 From: "Justin (shocknet)" <34176400+shocknet-justin@users.noreply.github.com> Date: Mon, 17 Jun 2024 11:32:18 -0400 Subject: [PATCH 2/4] Apply suggestions from code review Co-authored-by: Aaron Dewes --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index 125aff7..7a29274 100644 --- a/01.md +++ b/01.md @@ -37,7 +37,7 @@ Neither status codes or any HTTP Header has any meaning. Servers may use whateve ## CORS Browser Compatibility -Reverse proxies or application endpoints must use the CORS Header `Access-Control-Allow-Origin: *` for LNURL's to work with browser-based wallets, services and other webapps. +Application endpoints that need to be accessed when using the LNURL must respond to `OPTIONS` requests on that endpoint. In their replies to `GET` and `OPTIONS`, they must set the header `Access-Control-Allow-Origin: *` for LNURL's to work with browser-based wallets, services and other webapps. If they set the `Access-Control-Allow-Methods` header, they must set in such a way that `GET` requests are permitted. ## Decoding examples From 4273c0e4b92f8b354c1bddbcb70600f05205f4eb Mon Sep 17 00:00:00 2001 From: "Justin (shocknet)" <34176400+shocknet-justin@users.noreply.github.com> Date: Mon, 17 Jun 2024 11:33:04 -0400 Subject: [PATCH 3/4] Update 01.md --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index 7a29274..dc352e6 100644 --- a/01.md +++ b/01.md @@ -37,7 +37,7 @@ Neither status codes or any HTTP Header has any meaning. Servers may use whateve ## CORS Browser Compatibility -Application endpoints that need to be accessed when using the LNURL must respond to `OPTIONS` requests on that endpoint. In their replies to `GET` and `OPTIONS`, they must set the header `Access-Control-Allow-Origin: *` for LNURL's to work with browser-based wallets, services and other webapps. If they set the `Access-Control-Allow-Methods` header, they must set in such a way that `GET` requests are permitted. +Application endpoints or Reverse Proxy directives that are accessed when using the LNURL must respond to `OPTIONS` requests on that endpoint. In their replies to `GET` and `OPTIONS`, they must set the header `Access-Control-Allow-Origin: *` for LNURL's to work with browser-based wallets, services and other webapps. If they set the `Access-Control-Allow-Methods` header, they must set in such a way that `GET` requests are permitted. ## Decoding examples From 59ba7da73719ca781bbfc85851b4212a4271d8d3 Mon Sep 17 00:00:00 2001 From: "Justin (shocknet)" <34176400+shocknet-justin@users.noreply.github.com> Date: Mon, 17 Jun 2024 15:58:57 -0400 Subject: [PATCH 4/4] Update 01.md --- 01.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/01.md b/01.md index dc352e6..a455fc7 100644 --- a/01.md +++ b/01.md @@ -37,7 +37,7 @@ Neither status codes or any HTTP Header has any meaning. Servers may use whateve ## CORS Browser Compatibility -Application endpoints or Reverse Proxy directives that are accessed when using the LNURL must respond to `OPTIONS` requests on that endpoint. In their replies to `GET` and `OPTIONS`, they must set the header `Access-Control-Allow-Origin: *` for LNURL's to work with browser-based wallets, services and other webapps. If they set the `Access-Control-Allow-Methods` header, they must set in such a way that `GET` requests are permitted. +Application endpoints (or their defined Reverse Proxy directives) accessed when using the LNURL must respond to `GET` having set the header `Access-Control-Allow-Origin: *` for LNURL's to work with browser-based wallets, services and other webapps. If they set the `Access-Control-Allow-Methods` header, they must set in such a way that `GET` requests are permitted. ## Decoding examples