I've just deployed a node.js - vue.2.0 app to Google Cloud .
The vue.js 2.0 app is inside of the public node directory . Everything runs fine, except that all my queries to the web services are failing , inside of the habitual app.js node file, you know .. There are not calls to any other node server, that is why i even have tried localhost:8080 as a server name.
https://cedar-network-259109.appspot.com
All back end queries done from the app are failing :
POST
http://localhost:8080/getUsers
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/getUsers. (Reason: CORS request did not succeed).
I've also managed the app to call the google cloud server url : same error .
POST http://cedar-network-259109.appspot.com:8080/getUsers
It doesnt work neither.
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/getUsers. (Reason: CORS request did not succeed).
This app is correctly working when deployed on openode.io host : http://vue-starter-webpack-cli-4-node.openode.io/.
MongoDb Atlas is connected (0.0.0.0 wildcard).
QUESTION :
Do I have to configure cors on my google cloud app with this doc , using the strange command? :
https://cloud.google.com/storage/docs/configuring-cors
Thanks a lot !
EDIT : This is what I got when asking about my cors config, it looks like I haven't got any cors config ? :
C:\UwAmp\www\vue-starter-webpack-cli-4-node-gcloud>gsutil cors get gs://cedar-network-259109.appspot.com
gs://cedar-network-259109.appspot.com/ has no CORS configuration.
EDIT 2 :
I'm sending a CORS params to my google cloud app like this :
>gsutil cors set cors-json-file.json gs://cedar-network-259109.appspot.com
This is my cors-json-file.json file :
[
{
"origin": ["https://cedar-network-259109.appspot.com"],
"responseHeader": ["Content-Type"],
"method": ["GET", "POST","HEAD", "DELETE"],
"maxAgeSeconds": 3600
},
{
"origin": ["https://cedar-network-259109.appspot.com:8080"],
"responseHeader": ["Content-Type"],
"method": ["GET", "POST","HEAD", "DELETE"],
"maxAgeSeconds": 3600
}
]
There is still an error :
POST https://cedar-network-259109.appspot.com:8080/getUsers
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://cedar-network-259109.appspot.com:8080/getUsers. (Reason: CORS request did not succeed).
There are my informations :
>gsutil cors get gs://cedar-network-259109.appspot.com
[{"maxAgeSeconds": 3600, "method": ["GET", "POST", "HEAD", "DELETE"], "origin": ["https://cedar-network-259109.appspot.com:8080"], "responseHeader": ["Content-Type"]}]
And my Request URL:https://cedar-network-259109.appspot.com:8080/getUsers headers :
Host: cedar-network-259109.appspot.com:8080
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: application/json, text/plain, */*
Accept-Language: fr,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate, br
Referer: https://cedar-network-259109.appspot.com/
Origin: https://cedar-network-259109.appspot.com
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 0
My app.yaml file :
runtime: nodejs
env: flex
manual_scaling:
instances: 1
resources:
cpu: 1
memory_gb: 0.5
disk_size_gb: 10
EDIT 3 : Modified my node app.js backend with this code :
const cors = require("cors");
app.use(
require("cors")({
origin: function(origin, callback) {
callback(null, origin);
},
credentials: true
})
);
to this :
app.use(
require("cors")({
origin: "https://cedar-network-259109.appspot.com",
credentials: true
})
);
With no luck ! Please help me !
If the resources you are trying to access are stored on Google Cloud Storage then you'll need to enable CORS as explained on the documentation you mention. If the resources you are trying to access files hosted by another Google App Engine app you need to modify your app.yaml file as explained on the documentation.
Related
Firebase authentication works just fine in localhost, but in a google cloud run project in production it fails with just a 403, no details of why the error
Here is the headers:
> POST /api/account/auth2/ HTTP/2 Host: appsite.com User-Agent: Mozilla/5.0
> (Macintosh; Intel Mac OS X 10.15; rv:95.0) Gecko/20100101 Firefox/95.0
> Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip,
> deflate, br Referer: https://appsite.com/ Content-Type:
> application/x-www-form-urlencoded; charset=UTF-8 X-CSRFToken:
> 6cpDY8qOBRK9XqfWcuLX6eujG85AmOnHp...b5f0j0t7tHy5rmAWCcEDw
> X-Requested-With: XMLHttpRequest Content-Length: 1251 Origin:
> https://appsite.com Connection: keep-alive Cookie:
> csrftoken=6cpDY8qOBRK9XqfWcuLX6eujG85AmOnHpi4IR9rRd...Hy5rmAWCcEDw
> Sec-Fetch-Dest: empty Sec-Fetch-Mode: cors Sec-Fetch-Site: same-origin
> TE: trailers
And yes I have the domain name added in the firebase auth domains.
Any help here will be great.
I am using the google gloud python google-auth=2.3.3
decoded_token = auth.verify_id_token(token)
uid = decoded_token["uid"]
And my Javascript: const provider = new
firebase.auth.GoogleAuthProvider();
$('.googleLogin').click(async function () {
const provider = new firebase.auth.GoogleAuthProvider();
// [START auth_google_provider_scopes]
const credential = await firebase.auth().signInWithPopup(provider);
const idToken = await firebase.auth().currentUser.getIdToken();
// Send Token to Back End
return handleMethod(idToken)
});
This was a CSRF verification failed.
I had to use postman to figure out what was happening.
In case someone else faces the same problem.
Forbidden (403)
CSRF verification failed. Request aborted.
I've found a lot of CORS-related questions, but none of them solved my problem. As I'm quite new to web-dev, I'd appreciate any help with getting my project infrastructure up and running.
My application is made of two parts:
Server part
A server made with Haskell, Servant. The most important endpoint I've been trying to connect to is:
type Unprotected =
"login"
:> ReqBody '[JSON] Credentials
:> Verb 'POST 204 '[JSON] (Headers '[Header "Set-Cookie" SetCookie, Header "Set-Cookie" SetCookie] NoContent)
It's based on the project described here: https://github.com/haskell-servant/servant-auth
I've already found a SO question about CORS: CORS header ‘Access-Control-Allow-Origin’ missing in servant, but that didn't help.
During development I launch the server on port 8081.
UI Part
I have also a UI project, that's hosted independently on port 8833. It uses WebPack. I've also found some SO posts regarding CORS, advising to use:
devServer: {
headers: {
"Access-Control-Allow-Origin": "*",
"Access-Control-Allow-Credentials": "true",
"Access-Control-Allow-Methods": "GET, POST, PUT, DELETE, PATCH, OPTIONS",
"Access-Control-Allow-Headers": "X-Requested-With, content-type, Authorization"
}
That didn't help either.
Problem description:
When I make a "fetch" call in the UI project, trying to communicate with the Servant endpoint I get:
Access to fetch at 'http://localhost:8081/login' from origin 'http://localhost:8833'
has been blocked by CORS policy: Response to preflight request doesn't pass access control
check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an
opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource
with CORS disabled.
The way I use fetch:
let data = {
credentialsUserName: this.state.login,
credentialsPassword: this.state.password
};
let opts : RequestInit = {
method: "POST",
headers: new Headers({ "Content-Type": "application/json" }),
body: JSON.stringify(data)
};
fetch("http://localhost:8081/login", opts).then((value) => {
console.log(value);
// do something later
});
Questions
What shall I do in order to make the fetch work fine with the servant endpoint. Also, is there anything wrong with my application architecture ? Maybe there's a better way to design it.
Last thing: The entire code of my application is quite long, so I decided to put only to most important parts here. Feel free to request more if needed.
Edit 1
After sending the fetch request I can see two entries in "Network" tab in my browser.
The first one with the following headers:
content-type: application/json
Referer: http://localhost:8833/Login
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
and json data I included in its body. It's status is "(failed) net::ERR_FAILED".
The other's status is 400 and contains more headers:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Connection: keep-alive
Host: localhost:8081
Origin: http://localhost:8833
Referer: http://localhost:8833/Login
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-site
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.83 Safari/537.36
Interestingly, In "General" tab I can see:
Request URL: http://localhost:8081/login
Request Method: OPTIONS
Status Code: 400 Bad Request
Remote Address: 127.0.0.1:8081
Referrer Policy: no-referrer-when-downgrade
Request Method "OPTIONS" looks mysterious. Why is it there ?
As a quick guess I tried adding "OPTIONS" to CORS definition on Haskell side, but no luck this time either:
port :: Int
port = 8081
corsPolicy :: Middleware
corsPolicy = cors (const $ Just policy)
where
policy = simpleCorsResourcePolicy
{ corsMethods = [ "GET", "POST", "PUT", "OPTIONS" ]}
main :: IO ()
main = do
migrateDB
jwtConfig <- getJwtConfig
putStrLn $ "Serving endpoint " ++ (show port)
run port $ corsPolicy $ serveWithContext proxy (context cookieConfig jwtConfig) (appAPI cookieConfig jwtConfig)
EDIT 2
Thanks for the help - I've managed to configure Servant, here it is:
corsPolicy :: Middleware
corsPolicy = cors (const $ Just policy)
where
policy = simpleCorsResourcePolicy
{
corsMethods = [ "GET", "POST", "PUT", "OPTIONS" ],
corsOrigins = Just (["http://localhost:8833"], True),
corsRequestHeaders = [ "authorization", "content-type" ]
}
The remaining part of Main as in my previous listing.
By default Haskell CORS doesn't accept any headers. Not even "Content-Type", which I intend to send.
Using the azure-iot-device sdk for node works in a standalone node program. When trying to use the same node code in a React web app, the connection to the IoT Hub fails "iothub-errorcode: InvalidProtocolVersion" with this error:
stream.js:61 WebSocket connection to 'wss://my-iothub.azure-devices.net/' failed: Error during WebSocket handshake: Unexpected response code: 400
App.js
var Protocol = require('azure-iot-device-mqtt').Mqtt;
var Client = require('azure-iot-device').Client;
var connectionString = "HostName=my-iothub.azure-devices.net;DeviceId=<redacted>;SharedAccessKey=<redacted>=";
var client = Client.fromConnectionString(connectionString, Protocol);
var connectCallback = function (err) {
if (err) {
console.error('Could not connect: ' + err.message);
}
...
};
client.open(connectCallback);
Headers (From Chrome dev tools)
Request URL: wss://my-iothub.azure-devices.net/
Request Method: GET
Status Code: 400 Bad Request
Content-Length: 158
Content-Type: application/json; charset=utf-8
Date: Wed, 02 Oct 2019 21:18:10 GMT
iothub-errorcode: InvalidProtocolVersion
Server: Microsoft-HTTPAPI/2.0
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
Cache-Control: no-cache
Connection: Upgrade
Host: my-iothub.azure-devices.net
Origin: http://localhost:3000
Pragma: no-cache
Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Sec-WebSocket-Key: <redacted>
Sec-WebSocket-Protocol: mqtt
Sec-WebSocket-Version: 13
Upgrade: websocket
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_0)
Possibly related to: https://github.com/Azure/azure-sdk-for-js/issues/3473#issuecomment-499719031
I am assuming you are trying to utilise IOT hub from your react web app which is deployed in Microsoft Azure , if this is the case, please try the following:
what you need to check is the web app settings:
Set the consumer group as mentioned in this link.
Enable WebSocket.
Additional reference , please check the code repo and documentation around IOT HUB usage in web app, which is mentioned below:
https://learn.microsoft.com/en-us/azure/iot-hub/iot-hub-live-data-visualization-in-web-apps
https://github.com/Azure/azure-iot-sdk-node/blob/master/device/ts-samples/sample_device.ts
When trying to redirect the user to the login page, I always get this error:
Response to preflight request doesn't pass access control check: The
value of the 'Access-Control-Allow-Origin' header in the response must
not be the wildcard '*' when the request's credentials mode is
'include'. Origin 'null' is therefore not allowed access. The
credentials mode of requests initiated by the XMLHttpRequest is
controlled by the withCredentials attribute.
On my express application, I already implemented CORS:
var corsOptions = {
origin: 'http://localhost:4200',
credentials: true
}
app.use(cors(corsOptions));
Then I try to redirect the user:
router.use(function(req,res,next){
if((req.session.user == null){
res.redirect('http://localhost:4200' + '/login')
}
else
next();
});
On Angular 4 I'm sending all requests with {withCredentials : true}, because I'm using cookies;
These are the request/response headers:
Response:
Access-Control-Allow-Credentials:true
Access-Control-Allow-Origin:http://localhost:4200
Connection:keep-alive Date:Thu, 10 Aug 2017 12:09:55 GMT
Location:http://localhost:4200/login
set-cookie:semanaintegrada.session=s%3A6nieAv1pfn2V-2x7H4HbnqJFbYsgJmwy.hO1QKm%2Fgm6Kmso8pLCQ5zrZAVNhIYgfr%2BgzOB0oI9UA;
Path=/; Expires=Thu, 10 Aug 2017 13:09:55 GMT
Transfer-Encoding:chunked Vary:Origin X-Powered-By:Express
Request:
Accept:application/json, text/plain, / Accept-Encoding:gzip, deflate,
br Accept-Language:pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4
Cache-Control:no-cache Connection:keep-alive Content-Length:39
content-type:application/json
Cookie:semanaintegrada.session=s%3AwuiVwYs3Ahs4dfLULfpqMBcrnbthY7sZ.OYZk%2FCnZGHAe8v1T8nWpbAdFQVsXjUFAQxnYI27%2FZlE
Host:localhost:3000 Origin:http://localhost:4200 Pragma:no-cache
Referer:http://localhost:4200/ User-Agent:Mozilla/5.0 (Windows NT
10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.90 Safari/537.36
Also, in Chrome there are 4 requests that are created ( I dont know why ).
3 to my express app
and 1 to localhost:4200
The last one have Access-Control-Allow-Origin:* and Origin null
Could this be related?
"credentials flag" refers to XMLHttpRequest.withCredentials of the request being made, not to an Access-Control-Allow-Credentials header.
If the request's withCredentials is true, Access-Control-Allow-Origin: * can't be used, even if there is no Access-Control-Allow-Credentials header.
I'm trying to load the socketstream application with express and cors, which is throwing an error stating 404. All the project directories are available in browser but no contents.
var app = require('express')();
var ss = require('socketstream');
var cors = require('cors');
ss.client.define('main', {
view : 'app.html',
css : [],
code : [],
tmpl : '*'
});
app.use(cors());
app.get('/', function(req, res) {
res.serve('main');
});
ss.start(app.listen(port));
And this is the response in browser
Headers
Remote Address:"RemoteAddress":"Port"
Request URL:http://"RemoteAddress":"Port"/_serveDev/code/app/someFile.js?ts=1449057700740&pathPrefix=app
Request Method:GET
Status Code:404 Not Found
Request headers
Connection:keep-alive
Content-Length:76
Content-Type:text/html; charset=utf-8
Date:Wed, 02 Dec 2015 12:03:20 GMT
X-Content-Type-Options:nosniff
X-Powered-By:Express
Response headers
Accept:*/*
Accept-Encoding:gzip, deflate, sdch
Accept-Language:en-US,en;q=0.8
Cache-Control:max-age=0
Connection:keep-alive
Host:"RemoteAddress":"Port"
Referer:http://"RemoteAddress":"Port"/
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.86 Safari/537.36
Update
The app.html is getting loaded in browser but 404 is only for scripts and css that is being requested from app.html.
Thanks.
Try to change the permissions of the files by running
sudo chmod 777 -R *
in the code directory.