Hi! I'm building a number of APIs via NodeRED (on a Cloud) that I want to expose and want to get it right in terms of security and cors. I've secured the routes exposed by the HTTP In nodes using basic authentication. I can call those fine from external apps EXCEPT when it comes to using DropzoneJS. I can upload files via DropzoneJS fine but when I try and display image files (that would be displayed as thumbnail) that have already been uploaded I get cors errors. Does anyone have any best practice info about handling cors with nodeRED?
This is the error I get from DropzoneJS:
dropzone.min.js:1 Uncaught DOMException: Failed to execute 'getImageData' on
'CanvasRenderingContext2D': The canvas has been tainted by cross-origin data.
at detectVerticalSquash
(https://[mysite]/packages/dropzone-5.7.0/dist/min/dropzone.min.js:1:44867)
at drawImageIOSFix (https://[mysite]/packages/dropzone-5.7.0/dist/min/dropzone.min.js:1:45025)
at https://[mysite]/packages/dropzone-5.7.0/dist/min/dropzone.min.js:1:30055 at
e (https://[mysite]/packages/dropzone-5.7.0/dist/min/dropzone.min.js:1:29266) at
HTMLImageElement.d.onload (https://[mysite]/packages/dropzone-
5.7.0/dist/min/dropzone.min.js:1:29414)
||detectVerticalSquash|@|dropzone.min.js:1|
| --- | --- | --- | --- |
||drawImageIOSFix|@|dropzone.min.js:1|
||(anonymous)|@|dropzone.min.js:1|
||e|@|dropzone.min.js:1|
||d.onload|@|dropzone.min.js:1|
||load (async)|||
||value|@|dropzone.min.js:1|
||value|@|dropzone.min.js:1|
||(anonymous)|@|avatar:1073|
||Promise.then (async)|||
||(anonymous)|@|avatar:1060|
||Promise.then (async)|||
||(anonymous)|@|avatar:977|