JSR package install not working on StackBlitz

[birkskyum]

I'd like to be able to install packages from the jsr.io registry

Steps to Reproduce

• Open new StackBlitz vanilla typescript project on stackblitz
• Try to install package npx jsr add @birkskyum/maplibre-gl-draw
• Crash

~/projects/vitejs-vite-fdprwd 1m 17s
❯ npx jsr add @birkskyum/maplibre-gl-draw
Installing @birkskyum/maplibre-gl-draw...
$ npm install @birkskyum/maplibre-gl-draw@npm:@jsr/birkskyum__maplibre-gl-draw
npm ERR! code ECONNRESET
npm ERR! errno ECONNRESET
npm ERR! network request to https://npm.jsr.io/@jsr%2fbirkskyum__maplibre-gl-draw failed, reason: socket hang up
npm ERR! network This is a problem related to network connectivity.
npm ERR! network In most cases you are behind a proxy or have bad network settings.
npm ERR! network 
npm ERR! network If you are behind a proxy, please make sure that the
npm ERR! network 'proxy' config is set properly.  See: 'npm help config'

npm ERR! A complete log of this run can be found in: /home/.npm/_logs/2024-11-22T00_17_43_503Z-debug-0.log
Child process exited with: 1

I don't know if this is issue with JSR or StackBlitz

• Support installing JSR package stackblitz/core#3175

[brc-dd]

Seeing these logs on console:

Access to fetch at 'https://npm.jsr.io/@jsr%2fstd__encoding' from origin 'https://nodefhfwa8-y4rq.w-credentialless-staticblitz.com' has been blocked by CORS policy: Request header field npm-command is not allowed by Access-Control-Allow-Headers in preflight response.

Probably JSR can add Access-Control-Allow-Headers: *? (Adding these from ModHeader seems to resolve the issue.)

If you want restrictive list, these are the headers that npm sets:

"pacote-version", "pacote-req-type", "pacote-pkg-id", "npm-auth-type", "npm-scope", "npm-session", "npm-command", "npm-otp"

(I think npm-scope and npm-otp will never be set in jsr add requests)

https://github.com/jsr-io/jsr/blob/main/terraform/https.tf will need updates.