
v1.17.1: cannot login from client? [CORS header ‘Access-Control-Allow-Origin’ missing?]

Open byte-for-byte opened this issue 1 year ago • 1 comments

What components are related to the issue?

API

Which FDP are you using?

My local instance

Version

https://github.com/FAIRDataTeam/FAIRDataPoint.git
https://github.com/FAIRDataTeam/FAIRDataPoint-client.git

What happened?

I installed FAIRDataPoint

git clone https://github.com/FAIRDataTeam/FAIRDataPoint.git
mvn spring-boot:run -Dspring-boot.run.profiles=development

and FAIRDataPoint-client

git clone https://github.com/FAIRDataTeam/FAIRDataPoint-client.git
npm install
# create the public/config.js as shown in the docs
npm run serve

which shows:

DONE  Compiled successfully in 14751ms  11:46:07 AM
App running at:
- Local:   http://my_hostname:8081/
- Network: http://my_hostname:8081/

When I browse (FF, Chrome) to http://my_hostname:8081/, I get the landing page; selecting the login link and entering a default user's credentials as mentioned in the documentation, I get "Login failed". The users are in the postgresql DB and I can also retrieve a token through the API for the users at http://localhost:8080/tokens .

Looking at the browser's console log:

XHR OPTIONS
http://localhost:8080/tokens
CORS Missing Allow Origin
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/tokens. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403.

Is this intended? Please let me know if I am missing something?

TIA

Relevant log output

No response

byte-for-byte, May 29 '24 09:05

Hm... No reaction for 3 months. Is this project discontinued? Could an author please give a quick comment on this question? I am trying to figure out if I should be patient longer or abandon this (in principle) great tool. Thanks.

byte-for-byte, Aug 26 '24 05:08

Hi @byte-for-byte, please allow me to summarize your issue, just to make sure I understand correctly:

  • The users are in the postgresql DB [...]

    This suggests you are using the develop branch, not the tagged v1.17.1, because the latter uses mongodb instead of postgresql. Is that correct?

  • Looks like you've mapped 127.0.0.1 to my_hostname and are visiting the FDP-client through http://my_hostname:8081/, instead of the default http://localhost:8081.

  • I assume you are also running npm run serve -- --host my_hostname (or something equivalent), otherwise I would expect an Invalid Host Header response from the FDP-client.

If the above is true, then your request Origin header will be http://my_hostname:8081, whereas your Host header is localhost:8080. The fact that the Origin does not match the Host implies that you're making a cross-origin request.

The CORS Missing Allow Origin message suggests that the response from the FDP server does not include the Access-Control-Allow-Origin header.

Apparently, the FDP is configured to disallow CORS for this endpoint, even though, to the untrained eye (mine), it looks like CORS should be allowed for all origins:

https://github.com/FAIRDataTeam/FAIRDataPoint/blob/1e33bfdbdd10673370fc5a3a7e819401eb62b685/src/main/java/org/fairdatapoint/api/filter/CORSFilter.java#L57

I've been able to reproduce this behavior on my system. Currently looking into the exact cause.

Note that the issue does not arise if I visit the client using the default domain name http://localhost:8081.

dennisvang, Oct 31 '24 11:10

Not sure why the original CORSFilter does not work, but a modern CORS configuration does seem to fix the issue.

dennisvang, Nov 01 '24 14:11
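
The preflight failure discussed in this thread, as an added example that is not part of the original comments or the FAIRDataPoint code: a simplified JavaScript model of the check a browser applies to the `OPTIONS` response before it sends the login request. The sample request and responses are constructed from the values quoted above; the `content-type` request header and the contents of `allowedResponse` are assumptions.

```javascript
// Simplified model of the browser's preflight check (after the Fetch standard).
const SAFELISTED_METHODS = new Set(["GET", "HEAD", "POST"]);

// An origin is scheme + host + port; a different port alone makes it cross-origin.
function isCrossOrigin(pageUrl, apiUrl) {
  return new URL(pageUrl).origin !== new URL(apiUrl).origin;
}

// Split a comma-separated header value into lower-cased tokens.
function tokens(headers, name) {
  return (headers[name] || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);
}

// req: { origin, method, headers: [non-safelisted request header names], credentials }
// res: { status, headers } with lower-cased header names
function checkPreflight(req, res) {
  const fail = (reason) => ({ allowed: false, reason });
  const acao = res.headers["access-control-allow-origin"];
  if (acao === undefined) return fail("CORS Missing Allow Origin");
  // "*" is only honoured for requests sent without credentials.
  const wildcardOk = !req.credentials;
  if (acao !== req.origin && !(acao === "*" && wildcardOk)) return fail("origin not allowed");
  if (req.credentials && res.headers["access-control-allow-credentials"] !== "true")
    return fail("credentials not allowed");
  if (res.status < 200 || res.status > 299) return fail("preflight status " + res.status);
  const methods = tokens(res.headers, "access-control-allow-methods");
  const anyMethod = wildcardOk && methods.includes("*");
  if (!methods.includes(req.method.toLowerCase()) && !SAFELISTED_METHODS.has(req.method) && !anyMethod)
    return fail("method not allowed");
  const allowed = tokens(res.headers, "access-control-allow-headers");
  const anyHeader = wildcardOk && allowed.includes("*");
  for (const h of req.headers.map((x) => x.toLowerCase())) {
    // "*" never covers Authorization; it has to be listed by name.
    if (!allowed.includes(h) && (!anyHeader || h === "authorization")) return fail("header not allowed: " + h);
  }
  return { allowed: true, reason: "ok" };
}

// Constructed sample data. "content-type" is an assumption (a JSON login body).
const loginRequest = { origin: "http://my_hostname:8081", method: "POST",
  headers: ["content-type"], credentials: false };
const blockedResponse = { status: 403, headers: {} }; // as in the console log above
const allowedResponse = { status: 200, headers: { // assumed shape of a corrected reply
  "access-control-allow-origin": "http://my_hostname:8081",
  "access-control-allow-methods": "GET, POST, OPTIONS",
  "access-control-allow-headers": "Content-Type, Authorization" } };

console.log(checkPreflight(loginRequest, blockedResponse));
console.log(checkPreflight(loginRequest, allowedResponse));
```

Listing the client origins explicitly on the server, rather than answering every origin with `*`, keeps the token endpoint readable only from the front ends that are meant to use it.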