Calls to /api are no longer forwarded to the replica

[paulyoung]

I upgraded icx-proxy from e3866f0 to 7624053 and now the initial call to /api/v2/status returns the HTML page of my asset canister, and a CBOR decoder tries to decode that and throws an error.

I downgraded back to e3866f0 API calls were forwarded again.

Is there some new flag I need to pass to get the old behavior? I couldn't see anything obvious in the help text.

[nomeata]

This is intentional - at least for secure domains such uncertified “holes” make your users attackable by a malicious replica.

You should not use the canister domain for IC requests, but some generic domain (is it simply ic0.app? I don't remember)

[paulyoung]

This is all abstracted away from me by agent-js; I’m using createActor as shown in the README: https://github.com/dfinity/agent-js/blob/main/packages/auth-client/README.md#in-the-browser

By the way, I’m only using icx-proxy locally; I have a wrapper script that reads the relevant canister’s ID and then starts icx-proxy with the --dns-alias flag, since it’s inconvenient for a certain client I’m targeting to have to update the canister ID if/when it changes.

[nomeata]

Ah, so maybe (just guessing) the agent has logic for picking the right gateway domain in production, but not locally. Hmmm.

[paulyoung]

I think calls are made relative to the current domain, so if I do --dns-alias myproject.localhost:<canister id of myproject_assets> then browse to http://myproject.localhost in a Chromium browser (I use Brave) it serves up the front end and calls http://myproject.localhost/api/v2/status

[nomeata]

Right, that is the old behaviour that used to work, until the proxing of /api was removed. For production, the agent takes care of it since dfinity/agent-js#516 I think… not sure how to help with your use case, though.

[paulyoung]

I’ll try upgrading agent-js

[nomeata]

That change won’t help you in the local use-case, I don’t know if any others changes there have. But worth trying, of course.

[paulyoung]

Based on this post by @Daniel-Bloom-dfinity I think I need to set the host option of the HTTP agent to something like isLocal ? "127.0.0.1:8000" : "ic0.app" (the local replica runs on port 8000)

@ninegua also shared something in this post about using ic0.app

Perhaps seeing <canister id>.ic0.app all the time has confused people. I think that's what confused me.

[paulyoung]

Setting the host as described above appears to be working as intended. Thanks for the help!

[paulyoung]

In addition to the above I had set the host to 127.0.0.1:8080 when running my local dev server for iterating on the front end (I'm using esbuild on port 8080 but other people may be using something like webpack dev server on a different port)

I think not setting the host or setting it to undefined has the same effect but I have an abstract over this and didn't want to may it optional.

I still needed to forward /api using some proxy middleware due to CORS.

[paulyoung]

I think the simple solution to the above is to use host: window.location.host everywhere.

[paulyoung]

Ah, no, that's the default and that includes the subdomain.