cottongin/cassette-player
cottongin/cassette-player
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 6 Activity
cassette-player/CORS.md
cottongin 7d16bdc436
update CORS.md
2026-01-17 11:24:23 -05:00

3.5 KiB
Raw Permalink Blame History

For DreamHost hosting, the owner of feed.falsefinish.club can configure CORS headers using an .htaccess file in the root directory of the site (or in the specific directory serving the audio files).

Setting CORS Headers on DreamHost

Create or edit the .htaccess file in the web root (typically ~/falsefinish.club/feed/ or wherever the audio files are served from) and add:

# Enable CORS for echo-reality.com
<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "https://echo-reality.com"
    Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
    Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
</IfModule>

# Handle preflight OPTIONS requests
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteCond %{REQUEST_METHOD} OPTIONS
    RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>

If targeting specific file types only (recommended)

To apply CORS headers only to audio files:

<IfModule mod_headers.c>
    <FilesMatch "\.(mp3|mp4|wav|ogg|m4a)$">
        Header set Access-Control-Allow-Origin "https://echo-reality.com"
        Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
        Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
    </FilesMatch>
</IfModule>

For multiple origins (if needed during development)

If you need to allow both the production domain and a local development server:

<IfModule mod_headers.c>
    SetEnvIf Origin "^https://(echo-reality\.com|localhost:3000)$" CORS_ORIGIN=$0
    Header set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
    Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
    Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
</IfModule>

How to add the .htaccess file on DreamHost

  1. Via SFTP/FTP: Connect to the server using an FTP client (like FileZilla) and upload/edit the .htaccess file in the appropriate directory

  2. Via DreamHost Panel File Manager: Log into the DreamHost panel → Manage Websites → Files → navigate to the directory and create/edit .htaccess

  3. Via SSH (if enabled): SSH into the server and use a text editor like nano or vim

Important notes for DreamHost

  • DreamHost's shared hosting uses Apache, so .htaccess files work out of the box
  • The mod_headers module is enabled by default on DreamHost
  • Make sure the .htaccess file has proper permissions (644)
  • Changes take effect immediately—no server restart needed

Testing the configuration

After adding the .htaccess file, the owner can verify it's working by checking the response headers:

curl -I -X OPTIONS -H "Origin: https://echo-reality.com" \
  "https://feed.falsefinish.club/Echo%20Reality/PINK%20FLIGHT/MP3%20BOUNCE/01.%20PINK%20FLIGHT%20ATTENDANT.mp3"

The response should include the Access-Control-Allow-Origin: https://echo-reality.com header.

Quick test .htaccess for DreamHost

# TEMPORARY - Allow all origins for testing
<IfModule mod_headers.c>
    <FilesMatch "\.(mp3|mp4|wav|ogg|m4a)$">
        Header set Access-Control-Allow-Origin "*"
        Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
        Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
    </FilesMatch>
</IfModule>

This limits the wildcard CORS to just media files, which is a reasonable middle ground—your audio files are publicly accessible but you're not opening up everything on the domain.