Skip to content

Add CORS support to pinning service#33

Open
magent-cryptograss wants to merge 3 commits into
cryptograss:productionfrom
magent-cryptograss:pinning-cors
Open

Add CORS support to pinning service#33
magent-cryptograss wants to merge 3 commits into
cryptograss:productionfrom
magent-cryptograss:pinning-cors

Conversation

@magent-cryptograss

Copy link
Copy Markdown
Contributor

Summary

  • Adds CORS middleware to the pinning service to allow browser requests from cryptograss domains
  • Allows requests from cryptograss.live, www.cryptograss.live, *.hunter.cryptograss.live subdomains, and localhost

Why

The mint submission page at blox-office/admin/mint-submission/1 needs to call the pinning service from the browser to pin videos to IPFS before minting. Without CORS headers, browsers block these cross-origin requests.

Test plan

  • Deploy to maybelle via maybelle-chapter-1.sh
  • Navigate to a mint submission page on hunter dev
  • Click "Pin to IPFS" and verify the request succeeds

- Add auth.js module with signature verification using viem
- Verify signer is in AUTHORIZED_WALLETS env var (comma-separated)
- Reject timestamps older than 5 minutes (replay protection)
- Add 10 tests covering all auth scenarios
- Update README with new auth flow

Vault now needs: pinning_authorized_wallets (not pinning_service_api_key)
Allow cross-origin requests from cryptograss domains and hunter dev
subdomains so the mint page can call the pinning API from the browser.
@jMyles jMyles force-pushed the production branch 4 times, most recently from c1639ba to 2e1f829 Compare March 2, 2026 09:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants