cottongin/cassette-player
cottongin/cassette-player
1
0
Fork 0
Code Issues Pull Requests Actions Packages Releases 6 Activity
cassette-player/CORS.md
cottongin 7d16bdc436
update CORS.md
2026-01-17 11:24:23 -05:00

89 lines
3.5 KiB
Markdown
Raw Blame History

For DreamHost hosting, the owner of `feed.falsefinish.club` can configure CORS headers using an `.htaccess` file in the root directory of the site (or in the specific directory serving the audio files).
## Setting CORS Headers on DreamHost
Create or edit the `.htaccess` file in the web root (typically `~/falsefinish.club/feed/` or wherever the audio files are served from) and add:
```apache
# Enable CORS for echo-reality.com
<IfModule mod_headers.c>
Header set Access-Control-Allow-Origin "https://echo-reality.com"
Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
</IfModule>
# Handle preflight OPTIONS requests
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} OPTIONS
RewriteRule ^(.*)$ $1 [R=200,L]
</IfModule>
```
### If targeting specific file types only (recommended)
To apply CORS headers only to audio files:
```apache
<IfModule mod_headers.c>
<FilesMatch "\.(mp3|mp4|wav|ogg|m4a)$">
Header set Access-Control-Allow-Origin "https://echo-reality.com"
Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
</FilesMatch>
</IfModule>
```
### For multiple origins (if needed during development)
If you need to allow both the production domain and a local development server:
```apache
<IfModule mod_headers.c>
SetEnvIf Origin "^https://(echo-reality\.com|localhost:3000)$" CORS_ORIGIN=$0
Header set Access-Control-Allow-Origin "%{CORS_ORIGIN}e" env=CORS_ORIGIN
Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
</IfModule>
```
### How to add the .htaccess file on DreamHost
1. **Via SFTP/FTP**: Connect to the server using an FTP client (like FileZilla) and upload/edit the `.htaccess` file in the appropriate directory
2. **Via DreamHost Panel File Manager**: Log into the DreamHost panel → Manage Websites → Files → navigate to the directory and create/edit `.htaccess`
3. **Via SSH** (if enabled): SSH into the server and use a text editor like `nano` or `vim`
### Important notes for DreamHost
- DreamHost's shared hosting uses Apache, so `.htaccess` files work out of the box
- The `mod_headers` module is enabled by default on DreamHost
- Make sure the `.htaccess` file has proper permissions (644)
- Changes take effect immediately—no server restart needed
### Testing the configuration
After adding the `.htaccess` file, the owner can verify it's working by checking the response headers:
```bash
curl -I -X OPTIONS -H "Origin: https://echo-reality.com" \
"https://feed.falsefinish.club/Echo%20Reality/PINK%20FLIGHT/MP3%20BOUNCE/01.%20PINK%20FLIGHT%20ATTENDANT.mp3"
```
The response should include the `Access-Control-Allow-Origin: https://echo-reality.com` header.
### Quick test `.htaccess` for DreamHost
```apache
# TEMPORARY - Allow all origins for testing
<IfModule mod_headers.c>
<FilesMatch "\.(mp3|mp4|wav|ogg|m4a)$">
Header set Access-Control-Allow-Origin "*"
Header set Access-Control-Allow-Methods "GET, HEAD, OPTIONS"
Header set Access-Control-Expose-Headers "ETag, Last-Modified, Content-Length"
</FilesMatch>
</IfModule>
```
This limits the wildcard CORS to just media files, which is a reasonable middle ground—your audio files are publicly accessible but you're not opening up everything on the domain.
Reference in New Issue View Git Blame Copy Permalink