api: Add support for Private Network Access header preflight requests #1620
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #1620 +/- ##
==========================================
+ Coverage 69.39% 69.44% +0.04%
==========================================
Files 37 38 +1
Lines 7375 7386 +11
==========================================
+ Hits 5118 5129 +11
Misses 1839 1839
Partials 418 418 ☔ View full report in Codecov by Sentry. |
|
I know this is a small change — but in general, it would be nice to have tests and test coverage for new features, which the codecov linter is calling out as 0% test coverage for this PR. The codecov linter doesn't block merge, but if you wanted to improve that statistic, there are some examples of HTTP server tests in indexer/api/handlers_e2e_test.go you could follow, or directly in the middleware package (like in indexer/api/middlewares/migration_middleware_test.go). Basically, following TDD and writing Go unit tests for both this and the matching PNA algod PR would help improve coverage and quickly prove to the reviewer that new features are generally hooked up & plumbed through correctly. |
nullun
force-pushed
the
feature/pna-headers
branch
from
9a3bd67
to
dc9f5ff
Compare
nullun
force-pushed
the
feature/pna-headers
branch
from
be49453
to
1aa69a6
Compare
|
I rebased on the latest main, as the removal of rewind (changing DeveloperMode) had caused some conflicts. |
Summary
During development of Algorand smart contracts and platforms users will often run local environments consisting of algod, kmd, and indexer via sandbox or more recently algokit. By default all of these services are running on local/private network addresses (e.g. 127.0.0.1), however popular tools such as DappFlow and Lora are hosted on public network addresses and require the user to specify their local endpoints. Additionally some dapps allow their users to provide their own endpoints for a more decentralised experience.
Schedule for Google Chrome 130 (although many users are already experiencing it), PNA protections will be enabled by default, disallowing public websites from making requests to local/private resources without a specific header response during a preflight request. This PR introduces a new configuration option that will add middleware to the API handler to support responding to the Private Network Access request header.
Test Plan
I've currently just compiled this branch locally and tested it by changing the indexer.yml config and passing the command line flag.