CORS error for light client on all transport servers on mainnet

[agatsoh]

Description

The light client encounters CORS exceptions while calling the mainnet matrix server API's at startup
This is not the problem of the light client but its just that the matrix servers or for that matter any other servers if they are called from a different domain and return the reply without the Access-Control-Allow-Origin headers set then the browser blocks the response.

Acceptance criteria

• The only thing we can do in this case is to request RSB providers to allow certain domains like

1. https://lightclient.raiden.network/
2. http://localhost:8080/
   may be some more commonly used domains used by light-client users as allowed on the CORS headers

Tasks

• RSB providers to Send CORS headers (Access-Control-Allow-Origin)

raiden_0x14efA2b271969A46A094A23e0d49E32C1B617f89_2020-07-30T07_39_20.313Z.log

@christianbrb please check whether the content of this issue is correct.

[christianbrb]

@agatsoh Thanks for opening the issue :)

@andrevmatos has described a workaround yesterday to select a different server if the current one fails. We should implement it in the dApp.

@Dominik1999 @ulope Is there any rule for CORS for the RSB provider?

[agatsoh]

@christianbrb
I checked, all servers dont give responses with the Access-Control-Allow-Origin headers so even selecting a different server if one fails is of no use.

[christianbrb]

@agatsoh Could you also check our test and demo servers?

[agatsoh]

One observation when i used the https://transport.raiden.badgateway.tech server while transferring I got

https://transport.raiden.badgateway.tech/_matrix/client/r0/presence/%400xf128a427deff3a4f792373f4be38beecd07d4ffe%3Atransport.mainnet.raiden.anyblock.tools/status?access_token=MDAyZWxvY2F0aW9uIHRyYW5zcG9ydC5yYWlkZW4uYmFkZ2F0ZXdheS50ZWNoCjAwMTNpZGVudGlmaWVyIGtleQowMDEwY2lkIGdlbiA9IDEKMDA1ZmNpZCB1c2VyX2lkID0gQDB4MTRlZmEyYjI3MTk2OWE0NmEwOTRhMjNlMGQ0OWUzMmMxYjYxN2Y4OTp0cmFuc3BvcnQucmFpZGVuLmJhZGdhdGV3YXkudGVjaAowMDE2Y2lkIHR5cGUgPSBhY2Nlc3MKMDAyMWNpZCBub25jZSA9IDBacmJCPUVsN2JDJl5YckwKMDAyZnNpZ25hdHVyZSBM9K_cH1Pav5wc0vNsB6DP5MvAF-ukfVRgEMwQwBhoMAo 403
logger.js:49 Error fetching user presence, ignoring: M_FORBIDDEN: You are not allowed to see their presence.

Error fetching user presence, ignoring: M_FORBIDDEN: You are not allowed to see their presence.

But then somehow it did not complain on the browser and got the presence from somewhere

and while making the actual transfer it complained about CORS but from a different server https://pfs.raiden.overdoze.se/api/v1/info

Access to fetch at 'https://pfs.raiden.overdoze.se/api/v1/info' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

[agatsoh]

Yes I just now check the demo servers as well as the test servers we do not get the CORS errors