Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Feature] Enable CORS inside Headscale. #2301

Open
2 tasks done
Jisse-Meruma opened this issue Dec 16, 2024 · 0 comments
Open
2 tasks done

[Feature] Enable CORS inside Headscale. #2301

Jisse-Meruma opened this issue Dec 16, 2024 · 0 comments
Labels
enhancement New feature or request

Comments

@Jisse-Meruma
Copy link

Jisse-Meruma commented Dec 16, 2024
edited
Loading

Use case

Feature Overview: Injecting Access-Control-Allow-Origin Response Header

This feature aims to inject the Access-Control-Allow-Origin response header directly through the configuration file (config.yaml). The primary purpose of this feature is to simplify the setup process for those using Headscale with a Web Tailscale Client.

Learn more about the Tailscale SSH Console

Justification

  1. Simplified Setup for Tailscale Web Client:

    • Tailscale uses a browser client to set up an SSH console.
    • My company Leaning Technologies uses a Tailscale web client to establish peer-to-peer connections between two browsers.
    • We use Headscale for companies that prefer not to use the Tailscale Control Plane

  2. Eliminating the Proxy Layer:

    • Before: Users needed to deploy and configure an additional proxy server behind the Headscale server to manage Cross-Origin Resource Sharing (CORS).
    • After: This feature allows users to directly configure CORS support through the config.yaml file, eliminating the need for an extra proxy layer.

  3. Following the Same Principle:

    • Headscale also supports integrated TLS, This is also to eliminate the use of a proxy server. This feature extends that Idea to also let you enable CORS

  4. Quality of Life Improvement:

    • The ability to enable CORS through the configuration file simplifies deployment and configuration, making it more user-friendly and reducing setup complexity.

Configuration Details

The Access-Control-Allow-Origin header can be configured by adding the following to the config.yaml file:

  # Examples:
  # "*" - Allow access from any origin (use with caution).
  # "http://example.com" - Allow access only from the specified origin.
  # "" - Disable CORS, no cross-origin requests allowed.
  Access-Control-Allow-Origin: "*" # Allows all origins

Description

Feature Overview: Injecting Access-Control-Allow-Origin Response Header

This feature allows the injection of the Access-Control-Allow-Origin response header directly through the config.yaml file. The primary purpose is to simplify the setup process for users of Headscale with a Web Tailscale Client, making it easier to handle Cross-Origin Resource Sharing (CORS) without needing to set up a proxy server.

Configuration Details

The Access-Control-Allow-Origin header can be configured by adding the following to the config.yaml file:

Contribution

  • I can write the design doc for this feature
  • I can contribute this feature

How can it be implemented?

  1. Add an new option to the config.yaml file.
  2. Check if the Option has been set.
  3. Add a new header in all response messages
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Jisse-Meruma