Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

v1.17.1: cannot login from client? [CORS header ‘Access-Control-Allow-Origin’ missing?] #549

Open
byte-for-byte opened this issue May 29, 2024 · 3 comments · May be fixed by #578
Open
Assignees

Comments

@byte-for-byte
Copy link

byte-for-byte commented May 29, 2024

What components are related to the issue?

API

Which FDP are you using?

My local instance

Version

https://github.com/FAIRDataTeam/FAIRDataPoint.git
https://github.com/FAIRDataTeam/FAIRDataPoint-client.git

What happened?

I installed FAIRDataPoint

git clone https://github.com/FAIRDataTeam/FAIRDataPoint.git
mvn spring-boot:run -Dspring-boot.run.profiles=development

and FAIRDataPoint-client

git clone https://github.com/FAIRDataTeam/FAIRDataPoint-client.git
npm install
# create the public/config.js as shown in the docs
npm run serve

which shows:

DONE  Compiled successfully in 14751ms                                                                                                                                           11:46:07 AM
App running at:
- Local:   http://my_hostname:8081/
- Network: http://my_hostname:8081/

When I browse (FF, Chrome) to http://my_hostname:8081/, I get the landing page; selecting the login link and entering a default user credentials as mentioned in the documentations, I get "Login failed".
The users are in the postgresql DB and I can also retrieve a token through the API for the users at http://localhost:8080/tokens .

Looking at the browser's console log:

XHR OPTIONS
http://localhost:8080/tokens
CORS Missing Allow Origin
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/tokens. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403.

Is this intended?
Please let me know if I am missing something?

TIA

Relevant log output

No response

@byte-for-byte byte-for-byte changed the title v1.17.1: cannot login from client? v1.17.1: cannot login from client? [CORS header ‘Access-Control-Allow-Origin’ missing?] May 29, 2024
@byte-for-byte
Copy link
Author

Hm... No reaction for 3 months. Is this project discontinued? Could an author please give a quick comment on this question? I am trying to figure out if I should be patient longer or abandon this (in principal) great tool. Thanks.

@dennisvang
Copy link
Contributor

dennisvang commented Oct 31, 2024

Hi @byte-for-byte, please allow me to summarize your issue, just to make sure I understand correctly:

  • The users are in the postgresql DB [...]

    This suggests you are using the develop branch, not the tagged v1.17.1, because the latter uses mongodb instead of postgresql. Is that correct?

  • Looks like you've mapped 127.0.0.1 to my_hostname and are visiting the FDP-client through http://my_hostname:8081/, instead of the default http://localhost:8081.

  • I assume you are also running npm run serve -- --host my_hostname (or something equivalent), otherwise I would expect an Invalid Host Header response from the FDP-client.

If the above is true, then your request Origin header will be http://my_hostname:8081, whereas your Host header is localhost:8080. The fact that the Origin does not match the Host implies that you're making a cross-origin request.

The CORS Missing Allow Origin message suggests that the response from the FDP server does not include the Access-Control-Allow-Origin header.

Apparently, the FDP is configured to disallow CORS for this endpoint, even though, to the untrained eye (mine), it looks like CORS should be allowed for all origins:

response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");

I've been able to reproduce this behavior on my system. Currently looking into the exact cause.

Note that the issue does not arise if you visit the client using the default domain name http://localhost:8081.

@dennisvang
Copy link
Contributor

Not sure why the original CORSFilter does not work, but a modern CORS configuration does seem to fix the issue.

@dennisvang dennisvang linked a pull request Nov 1, 2024 that will close this issue
@dennisvang dennisvang self-assigned this Nov 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants