HTTP Allow Localhost

If you want to use the Stormworks HTTP API async.httpGet(...) in this Lua IDE you have two choices:

Option A: Install browser extension
Option B: Manually add CORS Headers (See examples below)

NOTE: Both options end up in the same result, it is your choice: either be lazy and use option A or have full control over CORS Headers and go with option B. In case you are paranoid, you will probably prefer option B.

Option A: Install browser extension

I created a special browser extension that adds those CORS Headers to the HTTP requests automatically, even if your webserver does not provide any CORS Headers.

This happens only for https://lua.flaffipony.rocks and does not effect other websites!

The browser extension is available for Firefox and Chrome (they do exactly the same and have the same code)

Option B: Manually add CORS Headers

Depending on the webserver you are using, the approach is different. I offer you example implementations for the the systems i have sufficient experience.

Example NGINX Configuration

        location / {

            # allow CORS (allow scripts running on https://lua.flaffypony.rocks to make HTTP requests to your local webserver)

            if ($request_method = 'OPTIONS') {
                add_header 'Access-Control-Allow-Origin' 'https://lua.flaffipony.rocks';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                #
                # Custom headers and headers various browsers *should* be OK with but aren't
                #
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
                #
                # Tell client that this pre-flight info is valid for 20 days
                #
                add_header 'Access-Control-Max-Age' 1728000;
                add_header 'Content-Type' 'text/plain; charset=utf-8';
                add_header 'Content-Length' 0;
                return 204;
            }
            if ($request_method = 'POST') {
                add_header 'Access-Control-Allow-Origin' 'https://lua.flaffipony.rocks';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
            }
            if ($request_method = 'GET') {
                add_header 'Access-Control-Allow-Origin' 'https://lua.flaffipony.rocks';
                add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
                add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
                add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range';
            }


            # example proxy setup (you will probably have a different configuration!)

            proxy_set_header  X-Real-IP $remote_addr;
            proxy_pass http://localhost:3000;

            proxy_read_timeout  90;
        }

Example NodeJS with Expressjs

Use the simple cors package from npm https://www.npmjs.com/package/cors

$ npm install cors

In your app.js or index.js you can configure cors to only allow https://lua.flaffipony.rocks

            let express = require('express')
            let cors = require('cors')
            let app = express()

            app.use(
                cors({
                    origin: 'https://lua.flaffipony.rocks',
                    optionsSuccessStatus: 200 // some legacy browsers (IE11, various SmartTVs) choke on 204
                })
            )

            /* below is your code */

            app.get('*', ()=>{
                /* ... */
            })