Cannot serve requests to other microservices #7

Open
Vitineth opened this issue Jul 4, 2020 · 6 comments

Vitineth commented Jul 4, 2020

Describe the bug
When other microservices make requests to the gateway endpoints they fail the CORS preflight checks due to the wrong headers being applied to the response.

To Reproduce
docker-compose up the uems-hub project and load the /events endpoint of the frontend. It will show Loading... permanently and the console will display CORS preflight errors.

Expected behavior
Events should be loaded successfully from the gateway

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser: Chrome
  • Version: 83.0.4103.116

Notes
Adding the following to app.ts fixes the problem temporarily but allows it to be requested from all domains (not sure if that is what we want)

```ts
app.use(function (req: any, res: any, next: any) {
  res.header("Access-Control-Allow-Origin", "*"); // update to match the domain you will make the request from
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, Authorization");
  next();
});
```

Lan2u commented Jul 4, 2020

Which app.ts?

Will read further into this to consider the security implications of allowing all domains.


Vitineth commented Jul 4, 2020

> Which app.ts?
>
> Will read further into this to consider the security implications of allowing all domains.

src/app.ts of this repo. As long as it's placed above the routes it should work because I got it working in very quick testing


Lan2u commented Jul 4, 2020

What about using this https://www.npmjs.com/package/cors ?


Lan2u commented Jul 4, 2020

It seems we should restrict the allowed origin to the front end origin (e.g. localhost:15300) and the allowed methods to POST, GET, PATCH, DELETE, OPTIONS - will look into doing this with the cors package.

Lan2u self-assigned this Jul 4, 2020

Vitineth commented Jul 4, 2020

> It seems we should restrict the allowed origin to the front end origin (e.g. localhost:15300) and the allowed methods to POST, GET, PATCH, DELETE, OPTIONS - will look into doing this with the cors package.

Would be good, we should probably base the origin off a configuration so there are minimal code changes when deploying into production. Cors package looks like a good option to make things clear and easy


Lan2u commented Jul 4, 2020

> It seems we should restrict the allowed origin to the front end origin (e.g. localhost:15300) and the allowed methods to POST, GET, PATCH, DELETE, OPTIONS - will look into doing this with the cors package.
>
> Would be good, we should probably base the origin off a configuration so there are minimal code changes when deploying into production. Cors package looks like a good option to make things clear and easy

Potential solution in new gateway PR

@Vitineth Vitineth mentioned this issue Jul 4, 2020
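
The restriction discussed in this thread, as an added sketch that is not code from this repository or its PR: a dependency-free, Express-style middleware that returns `Access-Control-Allow-Origin` only for exact matches from a configured list and answers the preflight with the five methods named above. The names `parseOrigins`, `buildCors` and `simulate`, the comma-separated list format and the stub request/response objects are assumptions; origins are written with their scheme, as browsers send them.

```typescript
// Added example; parseOrigins, buildCors and simulate are hypothetical names.
type Req = { method: string; headers: Record<string, string | undefined> };
type Res = { statusCode: number; setHeader(n: string, v: string): void; end(): void };
type Result = { status: number; headers: Record<string, string>; passed: boolean };

const ALLOWED_METHODS = "GET, POST, PATCH, DELETE, OPTIONS";
const ALLOWED_HEADERS = "Origin, X-Requested-With, Content-Type, Accept, Authorization";

// Parse a comma-separated origin list, e.g. the value of an environment variable.
function parseOrigins(raw: string): Set<string> {
  return new Set(raw.split(",").map((o) => o.trim()).filter((o) => o.length > 0));
}

function buildCors(allowed: Set<string>) {
  return function (req: Req, res: Res, next: () => void): void {
    const origin = req.headers["origin"];
    // The response differs per Origin, so shared caches must key on it.
    res.setHeader("Vary", "Origin");
    // Exact string match only: no wildcard, no prefix or substring checks.
    if (origin !== undefined && allowed.has(origin)) {
      res.setHeader("Access-Control-Allow-Origin", origin);
      res.setHeader("Access-Control-Allow-Methods", ALLOWED_METHODS);
      res.setHeader("Access-Control-Allow-Headers", ALLOWED_HEADERS);
    }
    if (req.method === "OPTIONS") {
      // Preflight ends here; with no allow headers the browser blocks the real call.
      res.statusCode = 204;
      res.end();
      return;
    }
    // CORS only controls what the browser exposes to the page. The request
    // still reaches the route, so authentication is still needed there.
    next();
  };
}

// Constructed harness: runs one request through the middleware with stub objects.
function simulate(rawOrigins: string, method: string, origin?: string): Result {
  const headers: Record<string, string> = {};
  const state = { passed: false };
  const res: Res = {
    statusCode: 200,
    setHeader: (n, v) => { headers[n] = v; },
    end: () => {},
  };
  const mw = buildCors(parseOrigins(rawOrigins));
  mw({ method, headers: { origin } }, res, () => { state.passed = true; });
  return { status: res.statusCode, headers, passed: state.passed };
}
```

In an Express app this would be registered with `app.use(buildCors(...))` above the routes, as with the temporary fix in the first comment.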