
CORS with header sendback

Open tommyjcarpenter opened this issue 8 years ago • 10 comments

I have followed this: https://github.com/s1n4/leptus/issues/33

This correctly returns the origin.

However, how do you enable CORS support that depends on the Port too? I.e., how do you configure Leptus to return the header Access-Control-Allow-Origin: *? We have another service making ajax calls that is expecting that header, which seems to fail when only origin is returned without a port.

tommyjcarpenter avatar Sep 26 '16 13:09 tommyjcarpenter

In particular, if the origin contains a port specification (e.g. origin: http://example.com:8000), then we get a 500 Internal Server Error in response.

gordonwoodhull avatar Sep 26 '16 13:09 gordonwoodhull

In case you haven't seen the doc: https://github.com/s1n4/leptus/blob/master/docs/callbacks.org#cross_domains3

Could you pass '_' as the value of HostMatch, and then give me some logs if there would be any?

Like this:

cross_domains(_Route, _Req, State) ->
    {['_'], State}.

sinasamavati avatar Sep 26 '16 14:09 sinasamavati

Aha. I need logs from your Erlang console. Could you provide Leptus logs?

sinasamavati avatar Sep 26 '16 15:09 sinasamavati

cross_domains(_Route, _Req, State) -> {["_"], State}.

That should be the atom '_' not the string.

sinasamavati avatar Sep 26 '16 15:09 sinasamavati

OK running with:

cross_domains(_Route, _Req, State) -> {['_'], State}.

Here is a curl that does not specify a port:

curl -H "Origin: http://mydomain.com" --verbose http://135.207.127.211:7777/application/                                                                Mon Sep 26 11:20:03 2016
*   Trying 135.207.127.211...
* Connected to 135.207.127.211 (135.207.127.211) port 7777 (#0)
> GET /application/ HTTP/1.1
> Host: 135.207.127.211:7777
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://mydomain.com
>
< HTTP/1.1 200 OK
< connection: keep-alive
< server: Cowboy
< date: Mon, 26 Sep 2016 15:19:42 GMT
< content-length: 2
< content-type: application/json
< access-control-allow-origin: http://mydomain.com
<
* Connection #0 to host 135.207.127.211 left intact

This works as intended and shows the header access-control-allow-origin: http://mydomain.com.

But when we do:

curl -H "Origin: http://mydomain.com:8000" --verbose http://135.207.127.211:7777/application/
*   Trying 135.207.127.211...
* Connected to 135.207.127.211 (135.207.127.211) port 7777 (#0)
> GET /application/ HTTP/1.1
> Host: 135.207.127.211:7777
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://mydomain.com:8000
>
< HTTP/1.1 500 Internal Server Error
< connection: keep-alive
< server: Cowboy
< date: Mon, 26 Sep 2016 15:20:23 GMT
< content-length: 0
<
* Connection #0 to host 135.207.127.211 left intact

it blows up

tommyjcarpenter avatar Sep 26 '16 15:09 tommyjcarpenter

Right now this is a REST service exposed to clients, so I will have to make some code changes to allow logs to penetrate through. Right now there are no logs that would be useful to you.

tommyjcarpenter avatar Sep 26 '16 15:09 tommyjcarpenter

Maybe this is a Cowboy issue, because it is blowing up but I don't see any Leptus logs.

Code:

get("/application", Req, State) ->
        erlang:display(gottohere),
        {200, {json, []}, State};

Working one without port:

curl -H "Origin: http://mydomain.com" --verbose http://135.207.127.211:7777/application/
*   Trying 135.207.127.211...
* Connected to 135.207.127.211 (135.207.127.211) port 7777 (#0)
> GET /application/ HTTP/1.1
> Host: 135.207.127.211:7777
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://mydomain.com
>
< HTTP/1.1 200 OK
< connection: keep-alive
< server: Cowboy
< date: Mon, 26 Sep 2016 15:29:06 GMT
< content-length: 2
< content-type: application/json
< access-control-allow-origin: http://mydomain.com
<
* Connection #0 to host 135.207.127.211 left intact

Erlang console displays

gottohere

One with port that blows up:

curl -H "Origin: http://mydomain.com:8000" --verbose http://135.207.127.211:7777/application/
*   Trying 135.207.127.211...
* Connected to 135.207.127.211 (135.207.127.211) port 7777 (#0)
> GET /application/ HTTP/1.1
> Host: 135.207.127.211:7777
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://mydomain.com:8000
>
< HTTP/1.1 500 Internal Server Error
< connection: keep-alive
< server: Cowboy
< date: Mon, 26 Sep 2016 15:29:41 GMT
< content-length: 0
<
* Connection #0 to host 135.207.127.211 left intact

Erlang console displays

gottohere

tommyjcarpenter avatar Sep 26 '16 15:09 tommyjcarpenter

Is cowboy's set_resp_header exposed in Leptus?

E.g., other people have solved this by directly setting headers like:

options(Req0, State) ->
  %% Thread each updated request into the next call and return the last one,
  %% otherwise the headers set here are not part of the response.
  Req1 = cowboy_req:set_resp_header(<<"access-control-max-age">>, <<"1728000">>, Req0),
  Req2 = cowboy_req:set_resp_header(<<"access-control-allow-methods">>, <<"HEAD, GET, POST">>, Req1),
  Req3 = cowboy_req:set_resp_header(<<"access-control-allow-headers">>, <<"content-type, authorization">>, Req2),
  Req4 = cowboy_req:set_resp_header(<<"access-control-allow-origin">>, <<$*>>, Req3),
  {ok, Req4, State}.

from: https://github.com/ninenines/cowboy/issues/947

tommyjcarpenter avatar Sep 26 '16 15:09 tommyjcarpenter
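
An added example (not part of the thread, and not Leptus or Cowboy code): one way to choose the access-control-allow-origin value when the Origin header carries a port, as in the failing request above, by matching scheme, host and port against an allowlist instead of sending `*`. The module name `cors_origin`, its functions and the allowlist tuple format are assumptions made for illustration; `string:lowercase/1` needs OTP 20 or later.

```erlang
%% Added example; module, function names and allowlist format are hypothetical.
-module(cors_origin).
-export([parse/1, allow_origin/2, demo/0]).

%% Split an Origin value into {Scheme, Host, Port}; a missing port
%% takes the scheme default. Anything unexpected returns error.
parse(<<"http://", Rest/binary>>)  -> host_port(<<"http">>, Rest, 80);
parse(<<"https://", Rest/binary>>) -> host_port(<<"https">>, Rest, 443);
parse(_) -> error.

host_port(Scheme, Rest, Default) ->
    case binary:split(Rest, <<":">>, [global]) of
        [Host]          -> build(Scheme, Host, {ok, Default});
        [Host, PortBin] -> build(Scheme, Host, port(PortBin));
        _               -> error  % several colons (e.g. IPv6 literal): fail closed
    end.

build(Scheme, Host, {ok, Port}) ->
    case valid_host(Host) of
        true  -> {ok, {Scheme, string:lowercase(Host), Port}};
        false -> error
    end;
build(_Scheme, _Host, error) -> error.

%% An origin has no path, userinfo, query or fragment.
valid_host(<<>>) -> false;
valid_host(Host) ->
    binary:match(Host, [<<"/">>, <<"@">>, <<"?">>, <<"#">>, <<" ">>]) =:= nomatch.

port(Bin) ->
    try binary_to_integer(Bin) of
        P when P >= 1, P =< 65535 -> {ok, P};
        _ -> error
    catch
        error:badarg -> error
    end.

%% Echo the request's Origin only on an exact scheme/host/port match.
%% A malformed Origin yields deny rather than a crash.
allow_origin(Origin, Allowed) ->
    case parse(Origin) of
        {ok, Parsed} ->
            case lists:member(Parsed, Allowed) of
                true  -> {allow, [{<<"access-control-allow-origin">>, Origin},
                                  {<<"vary">>, <<"origin">>}]};
                false -> deny
            end;
        error -> deny
    end.

%% Constructed inputs: allowed port, default port (deny), bad port (deny).
demo() ->
    Allowed = [{<<"http">>, <<"mydomain.com">>, 8000}],
    [allow_origin(O, Allowed) || O <- [<<"http://mydomain.com:8000">>,
        <<"http://mydomain.com">>, <<"http://mydomain.com:notaport">>]].
```

The `vary: origin` header is included because the response now differs per requesting origin, so shared caches must not reuse it across origins.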

Someone forked Leptus and the first two commits I see are titled "fixed cors origin port issue" and "added new cors headers": https://git.teknorota.com/yekmyk/leptus

Not sure if that yields any hints..

tommyjcarpenter avatar Sep 26 '16 15:09 tommyjcarpenter

The same issue here. @sinasamavati do you have thoughts on this?

lukyanov avatar Apr 10 '17 06:04 lukyanov