I`m trying to access one of our local APIs with buildfire.js
and getting cross domain error
is this something I need to overcome using a configuration in buildfire.js ?
I have already allowed CROS in my local service
Related
I have the frontend and backend on cloud run, each whit his own service, but when I put "internal traffic" on the backend API, It doesn't work, give me 403 since the frontend and it is another service of the same project, and in the documentation says that internal means "only for the same project" so...
two services since the same project are not internal traffic?
I think that is because I use a custom domain and not the exact URL of the service but I am not sure because here says that the custom domains are allowed too.
So what do I have to do to auth my frontend service on cloud run?
I tried whit JWT auth, but there is a better option, isn't it
Cloud Run services set to internal only accepts traffic coming from the VPC network. In order to connect to a Cloud Run service that's serving internal traffic, the connecting service must be attached to a VPC connector. In this case, you need to setup Serverless VPC access connector as mentioned in this note:
For requests from other Cloud Run services or from Cloud Functions in the same project, connect the service or function to a VPC network and route all egress through the connector, as described in Connecting to a VPC network. Note that the IAM invoker permission is still enforced.
For authenticating between service-to-service, you can simply fetch an ID token from the Compute medatada server. You can do that on any GCP compute environment (Cloud Run, App Engine, Compute Engine, etc.). You can follow the steps provided in this documentation.
two services since the same project are not internal traffic?
Two services in the same project should be considered as internal traffic.
I believe what you need to do is follow the authentication steps with token as recommended here (service to service authentication):
https://cloud.google.com/run/docs/authenticating/service-to-service
https://cloud.google.com/run/docs/securing/service-identity#per-service-identity
Please note that even though you've set the ingress traffic to internal, the IAM role cloud run invoker is still needed for the service account.
I am getting error while accessing the Azure App Service, can you help in resolving the issue ?
What setting to be applied to resolve the issue ?
Thanks in advance.
This error comes either
When the public access is not allowed on Azure App Service, if you have open public API.
The IP of your application with which you are calling the app service is not whitelisted.
If you have any gateway in between then that may also be blocking your calls.
Solutions to try:
Try removing the access restrictions from Networking page of your web app.
Try giving the access to all by adding 0.0.0.0/0. Later you can add restrictions based on your requirements.
The sequence of the restrictions matters, so please check that once. If you have any blocked call before any allowed call, then it may impact.
You can also have restrictions based on http-headers like X-Forwarded-For. Please check that once. This can happen from code as well, based on how you handle the errors. Link
If your API is behind the Gateway, then you can check this: Application Gateway integration with service endpoints
Are you the developer of this website?
If you are, please navigate to Networking page of your web app, check the Access Restrictions.
If you are not the developer, just contact your administrator and allow your ip to access this website.
For more information, see Azure App Service access restrictions.
I have developed an application which is hosted on an iPaas provider. This application has to make a REST API call to a service which is running inside an AWS EC2 instance.
Please note that the application is not pushed to AWS. In order to do so, I've to provide access to the cloud provider so that the REST call can be made successfully to the API residing in AWS. That means, in order to make a successful REST call, my application (hosted on some cloud) has to get permission from AWS (where a service is hosted and to which the application is making REST request). But AWS doesn't provide the option to enter the URL. How can we make this possible?
You should look up the documentation of your Cloud Provider.
They for sure must have provided you with the public IP of the machine made available to you.
Another way of solving your problem could be by using the ping command. If you trying to ping the URL of your cloud provider, it will show you the IP address.
But here one issue you may encounter is, depending on your cloud providers size there could be more than one machines which may be providing the service
and it may happen that the IP provided by ping command and the IP of the machine where your app is pushed may be different and your purpose may not be fulfilled.
Here you may try to use the network masks (which you use while providing the access to any IP in AWS security groups)
Try providing access to a supernet.
Or you can also explore the usage of some standard tools like "tracert", "traceroute", "nslookup"
We've implemented a setup as follows:
App Service Environment having different app services exposing different APIs. This instance is configured as an internal instance, so no public access.
We've configured an internal (private) DNS zone. This zone is used to create internal URLs for the API's.
API Management instance which is exposed to the outside. Here the API's need to be registered using the Swagger files exposed by the APIs themselves.
Everything is contained within the same VNet.
Now what we see is two things:
From a VM inside the VNet, I can browse the URL of the API without any issue and download the Swagger file.
When we try to register the API within API management, it throws an error stating the file could not be downloaded. When we register manually and then try to call the API, we get a DNS resolve error.
So it seems as if the API Management instance is not able to resolve our custom DNS zone as setup in Azure. I could not find any information that tells me whether this scenario is supported or not. Any pointers that might help find the problem are very welcome indeed.
Update when we register the API via uploading a file and then try to call one of the API methods, the following error appears:
The remote name could not be resolved
This same address resolved just fine from a VM within the exact same VNet.
I have the same issue, when I look for online, the below solution looks promising. It is self-explanatory, DNS forwarded need to enable between vnets. More information is here
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances.md#name-resolution-that-uses-your-own-dns-server
I'm trying to access a third party service from Azure App Services (ideally Functions, but a Web App would do). However this service is hosted on a non-standard port, e.g. https://myservice.com:445
I'm using the System.Net.Http.HttpClient to make a POST request, but consistently get a SocketException:
An error occurred while sending the request. Unable to connect to the remote server An attempt was made to access a socket in a way forbidden by its access permissions 1.2.3.4:445
The code works on my local environment (Functions emulator or Kestrel), but fails on Azure. I tried using a service hosted on a regular https endpoint, e.g. https://myotherservice.com, and the call goes through normally.
I'm assuming there is some sort of outbound firewall rule that's preventing the fist call, but I haven't found any configuration option to disable this. Is it possible? I unfortunately cannot change the endpoint of the service I need to call.
After checking your application, I did indeed find that those outgoing requests were being blocked by the infrastructure.
I was also able to find public documentation covering those ports here:
https://github.com/projectkudu/kudu/wiki/Azure-Web-App-sandbox#restricted-outgoing-ports