Previously I used to edit /var/www/html/admin/scripts/pi-hole/php/auth.php in order to allow queries from some specific domains (avoiding CORS issues).
The reason I did this is in order to allow the Homer widget to work.
Since v6 just launched I already know that the plugin won't work until the devs from the other project make some changes. But I want to get ahead and figure out how I could accomplish what I previously did.
There is no equivalent file.
The web interface was completely redesigned, PHP was removed and the web server was changed from lighttpd to pihole-FTL.
I don't know how to help or if it will be possible (or impossible) to do your changes, because you never said what are the changes you want to do.
I think you will need to wait for the app developers to update their code.
Maybe I focused to much on what I previously did instead of explaining what I need/want.
Normally a web servers offers a response with a Access-Control-Allow-Origin header.
This is done so that the browser only accepts requests to the specified domains in the header.
This is a well know security measure that avoids cross-site-scripting (for the most part).
Homer is a static web app that serves as a dashboard. And it has a module that allows to pull data from pihole.
Let's say that my dashboard is served at dashboard.example.com and my Pi-hole instance at pihole.example.com.
Homer will do an API request to Pi-hole (through AJAX), but since the response from Pi-hole won't have dashboard.example.com in the Access-Control-Allow-Origin header, my browser will reject the request.
So my question is rather, how can I configure the content of the Access-Control-Allow-Origin header to fit my needs?
This topic was automatically closed 21 days after the last reply. New replies are no longer allowed.