Giter Site home page Giter Site logo

CORS problem in 1.1.0 about crow HOT 6 CLOSED

witcherofthorns avatar witcherofthorns commented on June 2, 2024
CORS problem in 1.1.0

from crow.

Comments (6)

witcherofthorns avatar witcherofthorns commented on June 2, 2024 1

Okay, we can probably consider this problem solved for now, the most important thing is that CORS generally works, i'll try to come back to this problem later. Thank you @junekhan
Hey @gittiver, i think we can close this problem and revision #771

from crow.

witcherofthorns avatar witcherofthorns commented on June 2, 2024

I dug a little into the source code, so far, this is the only crutch option to get CORS to work in v1.1.0. The problem is that the middleware CORSHandler does not work at all, I am still researching this issue and testing

source: routing.h

if (rules_matched)
{
    allow = allow.substr(0, allow.size() - 2);
    res = response(204);
    res.set_header("Allow", allow);
    res.end();
    found->method = method_actual;
    return found;
}

this work (crutch):

if (rules_matched)
{
    allow = allow.substr(0, allow.size() - 2);
    res = response(204);
    res.set_header("Allow", allow);
    res.add_header("Access-Control-Allow-Origin", "http://localhost:8080");
    res.add_header("Access-Control-Allow-Headers", "Origin, Content-Type, Accept");
    res.add_header("Access-Control-Allow-Methods", "*");
    res.add_header("Access-Control-Max-Age", "5");
    res.end();
    found->method = method_actual;
    return found;
}

I still have a feeling that something is wrong with the CORS middleware, because it doesn’t work at all, perhaps I don’t understand something, correct me if anything

source: cors.h

void before_handle(crow::request& /*req*/, crow::response& /*res*/, context& /*ctx*/) {
    CROW_LOG_DEBUG << "[CORS]: before_handle";
}

void after_handle(crow::request& req, crow::response& res, context& /*ctx*/) {
    CROW_LOG_DEBUG << "[CORS]: after_handle";
    auto& rule = find_rule(req.url);
    rule.apply(res);
}

But at the same time, any other middleware after a successful OPTIONS CORS request works without problems

source: my main.cpp

struct CORSTest {
    struct context{};

    void before_handle(crow::request& req, crow::response& res, context& ctx){
        CROW_LOG_INFO << "CORSTest before_handle";
    }

    void after_handle(crow::request& req, crow::response& res, context& ctx) {
        CROW_LOG_INFO << "CORSTest after_handle";
    }
};

I still haven't determined the reason for this behavior yet, but it seems to me that the problem lies somewhere in routing.h, I will try to look into this in more detail as soon as I have less work and more free time. If you know what the reason is, please reply to this message, thanks in advance

from crow.

gittiver avatar gittiver commented on June 2, 2024

Thanks for your investigation, I hadn't the time to look deeper into the issue.
unit test TEST_CASE("middleware_cors") checks only GET request.

from crow.

witcherofthorns avatar witcherofthorns commented on June 2, 2024

#771 This almost completely fixes the problem, but I found a strange anomaly, it feels like the response is limited by the number of headers returned 4

from crow.

junekhan avatar junekhan commented on June 2, 2024

@witcherofthorns It's probably an issue on your side if your CORS configured exactly as

App<CORSHandler> app;
    auto &cors = app.get_middleware<CORSHandler>();
    cors.global()
        .origin("http://localhost:8080")               // frontend vue-js host
        .allow_credentials()                           // just in case
        .methods("POST"_method, "GET"_method);

you're then supposed to see

HTTP/1.1 204 No Content
Access-Control-Allow-Headers: Accept, Origin, Content-Type, Authorization
Access-Control-Allow-Methods: POST, GET
Access-Control-Allow-Origin: http://localhost:8080
Access-Control-Allow-Credentials: true

without Access-Control-Max-Age: 5.

Is it possible that you touched the Crow code and forgot to revert?

from crow.

witcherofthorns avatar witcherofthorns commented on June 2, 2024

@junekhan Ok, check this and try send POST req
im using junekhan:bugfix/CORS-headers

App<CORSHandler> app;
auto &cors = app.get_middleware<CORSHandler>();
cors.global()
    .origin("http://localhost:8080")
    .headers(
        "Accept",
        "Origin",
        "Content-Type",
        "Authorization"
    )
    .allow_credentials()
    .max_age(10);

Yes, if you don’t specify max_age, then everything is fine

from crow.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.