How to do cross-origin requests on IPFS

So I want to put a website on ipfs, but it has some javascript which calls out to a server that is not the ipfs gateway, so I get cross origin errors. Any idea how to do this?

Solution

You can set the Access-Control-Allow-Origin header and other headers using ipfs config:

ipfs config --json API.HTTPHeaders.Access-Control-Allow-Origin '["*"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Methods '["GET", "POST"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Headers '["Authorization"]'
ipfs config --json API.HTTPHeaders.Access-Control-Expose-Headers '["Location"]'
ipfs config --json API.HTTPHeaders.Access-Control-Allow-Credentials '["true"]'

The values above are just examples; set the real values to what your client code actually needs.

https://docs.ipfs.io/reference/api/cli/#ipfs-daemon has the (minimal) existing docs on this.

ASP.NET Core CORS Setup Stops Working After Bicep Deployment
ASP.NET Core 6 Web API : custom authentication handler and Angular HttpInterceptor [receive Status code =0 for 401 Unauthorized Response]
Drawing new Image() onto canvas and using canvas.toDataURL()
Failed to fetch. Possible Reasons: CORS Network Failure URL scheme must be "http" or "https" for CORS request
Angular 18 CORS issue with Springboot as backend
How can I enable CORS on Django REST Framework
How do I fix CORS issue in Fetch API
I try fetching my data on the server bisically this signup page, I got cors policy error even I got it configure on the server
How do I resolve a CORS issue in an Ajax POST to ASP.NET Core 6.0 Web API?
How does the 'Access-Control-Allow-Origin' header work?
Cors and React with no local server
Not able to install Microsoft.AspNet.WebApi.Cors from NuGet
Understanding XMLHttpRequest over CORS (responseText)
How to solve flutter web api cors error only with dart code?
Private Network Access problem w/ disabled web security: Request had no target IP address space, yet the resource is in address space local
SignalR errors in the console even though the requests successfully completed
Origin header missing on API call outside of network using Azure
CORS and x-apikey are mutual exclusive?
Download image blob from Google Photos using JavaScript and REST API
Origin null is not allowed by Access-Control-Allow-Origin
How to Solve CORS error in accessing laravel routes
Origin <origin> is not allowed by Access-Control-Allow-Origin
Problem with CORS policy in React front end with FastAPI on the back trying to use Microsoft Single Sign-on
Why the fetch gets failed even when I am using cors dependency?
Firebase Storage and Access-Control-Allow-Origin
Spring Boot Restful Service and CORS problem
Background-image in CSS url blocked by Opaque Response Blocking
Stripe Checkout example running into CORS error from localhost
How to disable CORS policy for special routes in Node.js/Express server?
Cors error persists no matter what I try with server