bee-check 0.6.0

Retrievability checker for Ethereum Swarm references. Multi-vantage stewardship probes, per-chunk drill-down, and one-shot re-seed.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65

# Setup and CORS

`bee-check-web` is a static SPA hosted at
[`ethswarm-tools.github.io/bee-check-web`](https://ethswarm-tools.github.io/bee-check-web/).
It probes Bee nodes **directly from your browser** — there is no
hosted backend. That keeps the operational surface tiny but means
your Bee node has to be reachable from the browser, which raises two
real-world snags:

1. **CORS** — your Bee must explicitly allow the SPA's origin.
2. **HTTPS / mixed-content** — a page served over HTTPS can't call
   plain `http://...` URLs (with one exception: `http://localhost`).

This chapter covers both.

## CORS

Set this in your Bee config (typically `~/.bee/bee.yaml`):

```yaml
cors-allowed-origins:
  - https://ethswarm-tools.github.io
  # For local dev with `npm run dev`:
  - http://localhost:5173
```

Then restart Bee. Verify with:

```bash
curl -i -X OPTIONS \
     -H "Origin: https://ethswarm-tools.github.io" \
     -H "Access-Control-Request-Method: GET" \
     http://your-bee:1633/addresses
```

You should see an `Access-Control-Allow-Origin: https://ethswarm-tools.github.io`
header in the response.

If you don't add CORS, the SPA's probe will return `error` for that
vantage and the browser console will show a CORS rejection.

## HTTPS / mixed-content

The deployed SPA is served over HTTPS. Modern browsers refuse to let
an HTTPS page call `http://1.2.3.4:1633` — that's mixed-content
blocking, and there's no override flag in normal browser settings.

Your options:

- **Point the SPA at `http://localhost:1633`**`localhost` is
  exempt from the mixed-content rule.
- **Front your Bee with a TLS reverse proxy** (Caddy, nginx, Cloudflare
  Tunnel, etc.) and point at the HTTPS URL.
- **Run the SPA locally** (`npm run dev``http://localhost:5173`)
  if you want everything on HTTP.

A mixed-content rejection shows up the same way as a CORS one: the
vantage returns `error`, and the console explains.

## Verifying both work

The easiest sanity check is to load the SPA, paste your Bee URL,
leave the reference field empty, and click anywhere. If the form
accepts your Bee URL and you can see a 200 in the browser network
tab for `GET /addresses`, you're set.