CORS is dumb. CORS is here to stay. CORS has a bit of usefulness. As my daughter opined recently, cry me a river, build a bridge, and get over it.

After spending days on it, I now have a five minute fix for CORS in a dev environment where the frontend is split from the backend during development.

GIVEN:

• a server that serves up your RESTful API using backend data
• that same server, serving up your nicely bundled front end, after you bake it for prod
• https in prod, and http in dev
• a modern front end development environment that maximizes your local web development speed while also bundling it tight for prod ( 💕 Vite 💕 )

You may have been sailing along with that sweet setup for a while now. But then one day, CORS arrives in your neighborhood. Perhaps you realize your Node front end can now use native fetch(), how nice (at first). Or your browser just got updated and all of a sudden it’s very unhappy serving your JWT tokens. Any way you get there, you will probably hit CORS issues. They tell you you are a bad person for trying to reach your backend from your frontend. Bad dev!

The problem is that is actually now blocked as a cross-site request. This blockage is now ubiquitous. How else can you still get to your favorite awful monster sites if they are sideloading dozens of malware ads? Why should megasite be responsible for the ads they serve? Let the browser block them! We need to protect the sheeple!! But i digress…

To fix your CORS issues, quickly, you simply add proxying to your Vite environment. The proxy takes all your backend calls, sends them off, and when they return, gently stuffs all the weird painful CORS headers you need in the response to keep your frontend from having a seizure.

// https://vitejs.dev/config/
export default defineConfig({
  plugins: [react()],
  server: {
    // For back end calls, make sure to use the API prefix.
    // Our vite dev environment will proxy those calls to the back end,
    // and return them to us, with fetch's xss concerns disabled via CORS:
    //    front -> proxy -> back -> proxy -> (ADD CORS) -> front
    proxy: {
      '/api': {
        'target': 'http://backend:8080',
        changeOrigin: true,
      },
    },
    port: 8008,
  },
})

Beautiful. In addition to that, if you can just slightly touch your server side cookie header to make it fit the CORS rulebook, you can get all that cross-site protection in prod, and never deal with a CORS issue in local dev again:

if (dev_environment) {
    cookie_header += " SameSite=Lax;";
  } else {
    cookie_header += " Secure; SameSite=Strict;";
  }

A new release of Hang The DJ (v 0.8.2) is available on Sourceforge.

Features:

• mobile client can stream your collection to you on all mobile platforms
• desktop client UI makes it easy to add and remove new DJs and get your songs rated fast
• multiple user and multiple server support makes sharing easy

Send me an email if you want help trying it out.

I came through iPhone territory by way of Handspring, then Zaurus, then Treo turf, so I can handle this kind of pain. But very disappointed…

1. Install the Kies app from the google play store
2. Fiddle with it for hours before discovering it’s useless.
3. Stumble upon the Kies Windows app, install it from official site, let it spend an hour updating
4. Try to use it and utterly fail to get any reasonable response from it
5. But first, make sure you google to find all the other people with other different random stories of rage and sadness.
6. Uninstall it and redownload a newer version from the same site the same day and install it.
7. Plug your Samsung in and watch it fail to recognize it, fiddle for a few more hours…
8. Fart with scattered settings on your phone to no avail
9. Unplug and replug your phone while troubleshooting and reinstalling drivers in the right voodoo manner
10. Use the Kies troubleshooter for a while, then realize its bizarre failure screens and minutes of spinning anuses are actually installing a working driver for your phone…
11. In the middle of the night, through bleary eyes, see the Jelly Bean firmware upgrade notice – but only because you’re so tired that you watched a blank wait screen for far longer than any fully conscious human could ever muster.
12. Have the firmware fail after it starts, scaring you to death, because it detects your battery is slightly below a full charge. Writhe in pain while you wonder if you’ve bricked the thing.
13. Restart the whole process again after you unplug to charge your phone with a wall wart plug and the drivers get totally fubared all over again
14. Watch the firmware get dropped on your phone, while you no longer give a shit because you are exhausted and disappointed and frustrated.

Yay!

The latest reincarnation of Hang The DJ, my music player, is coming along nicely. In the alpha stage, it’s currently an excellent way to stream your massive music collection to your laptop.

It sits atop an open source media streamer called Ampache. I had to extend Ampache to support the more advanced features of Hang The DJ. But this extended version of Ampache still retains its full feature set.

I have plans for a full set of Hang The DJ mobile clients, but they are further down the roadmap.

In the meantime, I can still use Ampache with my iPhone in a couple different ways. There are some Ampache iPhone clients but they are rough and limited. However, Ampache by itself has a nice web interface. You can play your music by downloading, by streaming, or through a bare-bones flash player.

Flash is out on the iPhone. Downloading each song is cumbersome. But the streaming works! It’s not foolproof. The silly Safari browser on the iPhone has a ridiculously short timeout on streaming requests, something like 16 seconds, and I don’t know of any way to adjust it. So for a long time, it just didn’t seem to work for me. But following these rules, I can get to my whole music collection from my iPhone:

• Make sure you have a decent server. I recently upgraded my server to use a quad core i7 cpu and it seems to help.
• Make sure your upload bandwidth is sufficient, obviously. I have really crappy crappy “10Mbit” service from CenturyLink, which gives me about 20kbps upload. Hates it. But it’s currently my only option and it’s working.
• Make sure your iPhone is in a 3G zone. Edge service through AT&T didn’t seem to work. Stupid AT&T.
• Stream 1 song first. This is your best chance of completing the setup between Apache and Safari before timing out. Once that’s confirmed to work, slowly bump it up until you get timeouts. I can do 3-4 songs but 20 seems to fail consistently.

Yeah it’s not ideal. Just more motivation to get going on the iPhone client! 🙂

In the meantime, shoot me an email if you’re willing to try Hang The DJ out on a desktop or laptop, that would rock. Peace.

I’m using the cross-platform Qt C++ library to write an app for linux, OS X, and Windows. Qt source can be compiled to a wide range of systems and devices, with two obvious omissions that are not likely to be filled any time soon: iPhone and Android. I know I am going to need client code on these devices, and I know that the client code is going to be extremely similar to the Qt client code. How do you design for this?

Applying the concept of separation of concerns, you design your classes into layers. The base layer consists of high level concept classes that perform all fundamental actions using generic data types. Then, the derived layer is used to get the job done, using the most useful and powerful lower level tools at your disposal. Push everything you can into the base layer, until you hit the limit of non-portable information and data types. It’s a beautiful way to code.

To be more specific, in my case, the base class layer will be using C++, including the STL, which gives me tons of power. I will pull in boost if even more horsepower is needed. The derived class layer for the first round of clients will be Qt-powered. The Qt library has a massive amount of real-world usefulness, supporting everything from http to video playback. I have not gotten to the iPhone and Android clients yet so the whole concept may change, but here’s my current plan. The iPhone code will be Objective C with the C++ base class layer linked in. I will attempt to incorporate the C++ base class layer into the Android code using the NDK.

Here’s a quick example of the layer approach, in this case used to quickly set up profiling using Qt’s QTime class at the lower level: (continued…)