Comments (11)
Right! That seems to be what's happening here. We'll need to support OPTIONS
to get this to work. I'll rename this issue accoridngly.
from seasocks.
Hi there!
When you do the writer->header(...)
stuff, does the header actually make it into the header of the reply? Or does it appear in the body?
You can test with curl
for example:
curl -D- http://localhost:1234/path/to/your/thing
``` (assuming GET here, but there are arguments to make it PUT etc)
the `-D-` says "output the headers to stdout`, so you should see them, followed by a blank line, followed by the body.
We can definitely add CORS support, but it _should_ be "just" adding the headers. My guess is that isn't working here!
from seasocks.
Thanks for the response! Here is my command, and the response. Seems like it's correctly returning the header, as expected:
~ # curl -D- --request GET '192.168.1.203:80/config/param?category=holter¶mName=framSizeBytes'
HTTP/1.1 200 OK
Server: 1.3.2
Date: Thu, 22 Apr 2021 18:50:25 GMT
Access-Control-Allow-Origin: *
Content-type:
Access-Control-Allow-Origin: *{"value":1048576}
A few things to note: Our endpoint is dangled off of the main page handler - wouldn't our endpoint returning the CORS header as shown above come AFTER the preflight failure, meaning it would never have a chance to take effect? That matches what we're seeing in practice; When any of our Seasocks REST endpoints are hit, we typically see a journal that we're servicing endpoint "X/Y/Z". We're not seeing that here, so it seems like it's dead ended before it even has a chance to return that header.
from seasocks.
It actually looks like it's in there twice....
and yes, grepping the code we already put Access-Control-Allow-Origin: *
in our messages! (Connection.cpp)...!
So, as best I can tell the CORS is working...but
my guess is the "preflight" it's talking about is doing a HEAD
or something? can you wireshark capture and see if that's the case (I'm clutching at straws here; we don't support HEAD right now but could...I think. It's bee a while...)
from seasocks.
OK, here's a Wireshark trace from what we're seeing. In this case, we have a PC running Chrome attempting to access the embedded Linux device running seasocks with page handlers - with a GET request of 'http://192.168.137.138/system/serial-number. The Chrome application returns the following error information:
Access to fetch at 'http://192.168.137.138/system/serial-number' from origin 'http://dpcpo-farga-132dtn1y09cpq-1698599008.us-east-1.elb.amazonaws.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.
cors-request-packet-trace-2021-04-26.txt
from seasocks.
Hi! Can you attach the packet capture itself instead of the text? It's much easier to debug in wireshark than in a text editor :) thanks!
from seasocks.
ah!
I was able to read enough:
Hypertext Transfer Protocol
OPTIONS /system/serial-number HTTP/1.1\r\n
Host: 192.168.137.138\r\n
is what was sent, which we don't support I think? Hard to tell
from seasocks.
Sorry, here's the full trace (I hope). Unfortunately, getting this secondhand, as I'm having device/networking issues.
The request should have been a GET of this URL: 'http://192.168.137.138/system/serial-number'.
cors-request-packet-trace-wireshark.zip
from seasocks.
We believe that the OPTIONS call is the pre flight check to ensure that the web domain is allowed to call that API. (Sorry, I'm not a HTTP expert; We believe this is part of the standard, so I'll apologize upfront if I have this wrong).
from seasocks.
Relevant docs: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#functional_overview
from seasocks.
and https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods/OPTIONS#preflighted_requests_in_cors
from seasocks.
Related Issues (20)
- Make Maximum Message Size Configurable HOT 1
- Own Error page support HOT 3
- Conform to conan licensing practices HOT 2
- Why does this API so strictly enforce thread management? HOT 1
- contiguous stream of data ? HOT 1
- PathHandler for /:id style API
- Title in readme HOT 2
- It's easy to get files outside of the static dir HOT 1
- Clarify use case and security disclosure etc
- unxi domain socket support for websocket
- Conan center build 1.4.5 failed HOT 12
- Clang 15 CI build uses ARM instead of x86_64 HOT 1
- Use Seasocks with makefile HOT 9
- Static link seasocks HOT 1
- Test migration to Catch 3.x
- Deleted HOT 2
- sending large HTTP responses doesn't work
- UTF-8 support
- type overflow _bytesSent
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from seasocks.