GetReal Labs - CORS Fix Applied ✅

Date: 2025-11-07 Status: ✅ FIXED - Proxy Configuration Added Issue: Browser blocking cross-origin requests to WordPress REST API

Critical Discovery

The WordPress plugin code in production uses DIFFERENT endpoints than the documentation stated:

Documentation Said (❌ WRONG):

• Namespace: ypai-video/v1
• Endpoint: task-json-urls
• Full URL: /wp-json/ypai-video/v1/task-json-urls

Actual Plugin Uses (✅ CORRECT):

• Namespace: ypai/v1
• Endpoint: json-urls
• Full URL: /wp-json/ypai/v1/json-urls

Plugin Location: T:\Audits\GetRealLabs\Scripts\DEPLOY-READY\ypai-video-uploader.php Plugin Version: 1.2.0 (lines 1-446)

Root Causes

Problem 1: Wrong Endpoint Name

File: src/api/getreal/wordpress.ts:16

Before (wrong):

const url = `${getBaseUrl()}/wp-json/ypai-video/v1/task-json-urls?participant_id=...`;

After (correct):

const url = `${getBaseUrl()}/wp-json/ypai/v1/json-urls?participant_id=...`;

Problem 2: CORS Blocking Localhost

Plugin Code: ypai-video-uploader.php:14-27

const YPAI_ALLOWED_ORIGIN = 'https://yourpersonalai.net';

function ypai_origin_ok(){
  $origin = $_SERVER['HTTP_ORIGIN'] ?? '';
  if ($origin === '') return true;
  return stripos($origin, YPAI_ALLOWED_ORIGIN) === 0;
}

The WordPress plugin only allows requests from https://yourpersonalai.net. When browser makes requests from http://localhost:4063, they get blocked by CORS.

Solution Applied

1. Fixed Endpoint Name ✅

File: src/api/getreal/wordpress.ts

Changed from:

• /wp-json/ypai-video/v1/task-json-urls ❌
• /wp-json/ypai-video/v1/upload-urls ❌
• /wp-json/ypai-video/v1/verify-uploads ❌

To:

• /wp-json/ypai/v1/json-urls ✅
• /wp-json/ypai/v1/upload-urls ✅ (was already correct)
• /wp-json/ypai/v1/verify-uploads ✅ (was already correct)

2. Added Vite Proxy ✅

File: astro.config.mjs:67-74

vite: {
  server: {
    proxy: {
      // GetReal Labs API proxy - routes WordPress REST API calls to avoid CORS
      '/wp-json': {
        target: 'https://yourpersonalai.net',
        changeOrigin: true,
        secure: false,
      }
    }
  }
}

3. Updated Base URL Logic ✅

File: src/api/getreal/wordpress.ts:13

// Use empty string in dev (proxied), full URL in production
const getBaseUrl = () => (import.meta.env.DEV ? '' : WP_BASE_URL);

How It Works:

• Development: getBaseUrl() returns '' → Browser requests http://localhost:4063/wp-json/... → Vite proxy forwards to https://yourpersonalai.net/wp-json/... → CORS bypassed
• Production: getBaseUrl() returns 'https://yourpersonalai.net' → Direct requests (same origin, no CORS issue)

Files Modified

1. src/api/getreal/wordpress.ts (3 changes)

   • Line 13: Updated getBaseUrl() to use proxy in dev mode
   • Line 16: Changed endpoint from task-json-urls to json-urls
   • Lines 22, 45, 67: Already had mode: 'cors' (kept)

2. astro.config.mjs (1 change)

   • Lines 67-74: Added Vite proxy configuration for /wp-json paths

3. src/pages/getreal/CORS-FIX-APPLIED.md (this file)

   • Documentation of the fix

Testing Required

1. Restart Dev Server ⚠️

The Astro config change requires restarting the dev server:

# Kill existing servers
# The dev server should auto-restart when astro.config.mjs changes

# Or manually restart:
cd "T:\Dev\VS Projects\Wesbite\Website YPAI\ypai-astro"
npm run dev

2. Test API Call

Navigate to: http://localhost:4063/getreal/record?participant_id=01234&session_id=test&source=Prolific

Expected Result:

• Console shows: “Fetching task JSON URLs…”
• API request to /wp-json/ypai/v1/json-urls succeeds (HTTP 200)
• 10 task JSON URLs returned
• No CORS errors

3. Test Video Recording

• Camera access granted
• Task displays correctly
• Video records (30+ seconds)
• Upload completes successfully
• Progress saved to localStorage

Why Proxy Works

Without Proxy (❌ CORS Error):

Browser at http://localhost:4063
→ Fetches https://yourpersonalai.net/wp-json/ypai/v1/json-urls
→ Browser blocks: "Cross-origin request from http://localhost:4063 to https://yourpersonalai.net"

With Proxy (✅ Success):

Browser at http://localhost:4063
→ Fetches http://localhost:4063/wp-json/ypai/v1/json-urls (same origin)
→ Vite proxy forwards to https://yourpersonalai.net/wp-json/ypai/v1/json-urls
→ WordPress plugin sees origin as empty or yourpersonalai.net
→ WordPress returns data
→ Proxy returns to browser
→ No CORS error (same-origin request)

Production Deployment Notes

When deploying to production:

1. No proxy needed - Both Astro pages and WordPress API are on same domain (yourpersonalai.net)
2. getBaseUrl() returns full URL - import.meta.env.DEV is false
3. CORS headers not needed - Same-origin requests don’t trigger CORS

WordPress Plugin Discrepancy

⚠️ IMPORTANT: The Obsidian documentation claimed the plugin uses:

• Namespace: ypai-video/v1
• Endpoint: task-json-urls

But the ACTUAL deployed plugin uses:

• Namespace: ypai/v1
• Endpoint: json-urls

Plugin Source: T:\Audits\GetRealLabs\Scripts\DEPLOY-READY\ypai-video-uploader.php Lines: 204, 268, 59 (register_rest_route calls)

Recommendation: Update Obsidian documentation to match actual plugin code, OR update plugin to match documentation. For now, I’ve matched the code to the DEPLOYED plugin.

Fix Applied: 2025-11-07 Files Modified: 2 (wordpress.ts, astro.config.mjs) Lines Changed: 6 lines total Status: ✅ READY FOR TESTING (after dev server restart)