Comments (4)
Probably not. Please provide some code (options callback and/or how the response is sent) and error messages from curl -vvv.
from cowboy.
Here is the options callback:
options(Req, State) ->
Req1 = utils:add_cors(Req,<<"GET, POST, OPTIONS">>),
io:format("Doing options (2): ~p~n",[Req1]),
{ok, Req1, State}.
( the io:format is there to see that the code is being called)
here is the code for add_cors()
add_cors(Req0, Methods) ->
Req1 = cowboy_req:set_resp_header(<<"Access-Control-Allow-Credentials">>, <<"true">>, Req0),
Req2 = cowboy_req:set_resp_header(<<"Access-Control-Request-Headers">>, <<"*">>, Req1),
Req3 = cowboy_req:set_resp_header(<<"Access-Control-Allow-Origin">>, <<"*">>, Req2),
Req4 = cowboy_req:set_resp_header(<<"Vary">>, <<"Origin, Accept-Encoding">>, Req3),
Req5 = cowboy_req:set_resp_header(<<"Access-Control-Allow-Methods">>, Methods, Req4),
cowboy_req:set_resp_header(<<"Access-Control-Max-Age">>, <<"20">>, Req5).
These same CORS values work on C++ using the Poco framework.
This is the result for running curl
$ curl -vvv -X OPTIONS "https://ucentral.dpaas.arilia.com:16063/api/v1/system?info"
* Trying 2600:1f13:f7c:6501:9312:c5c6:40f:c842:16063...
* connect to 2600:1f13:f7c:6501:9312:c5c6:40f:c842 port 16063 failed: Connection refused
* Trying 34.222.8.211:16063...
* Connected to ucentral.dpaas.arilia.com (34.222.8.211) port 16063 (#0)
* ALPN: offers h2
* ALPN: offers http/1.1
* CAfile: /etc/ssl/cert.pem
* CApath: none
* (304) (OUT), TLS handshake, Client hello (1):
* (304) (IN), TLS handshake, Server hello (2):
* (304) (IN), TLS handshake, Unknown (8):
* (304) (IN), TLS handshake, Certificate (11):
* (304) (IN), TLS handshake, CERT verify (15):
* (304) (IN), TLS handshake, Finished (20):
* (304) (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / AEAD-CHACHA20-POLY1305-SHA256
* ALPN: server accepted h2
* Server certificate:
* subject: CN=*.dpaas.arilia.com
* start date: Jan 24 00:00:00 2023 GMT
* expire date: Feb 11 23:59:59 2024 GMT
* subjectAltName: host "ucentral.dpaas.arilia.com" matched cert's "*.dpaas.arilia.com"
* issuer: C=GB; ST=Greater Manchester; L=Salford; O=Sectigo Limited; CN=Sectigo RSA Domain Validation Secure Server CA
* SSL certificate verify ok.
* Using HTTP2, server supports multiplexing
* Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0
* h2h3 [:method: OPTIONS]
* h2h3 [:path: /api/v1/system?info]
* h2h3 [:scheme: https]
* h2h3 [:authority: ucentral.dpaas.arilia.com:16063]
* h2h3 [user-agent: curl/7.85.0]
* h2h3 [accept: */*]
* Using Stream ID: 1 (easy handle 0x14280a800)
> OPTIONS /api/v1/system?info HTTP/2
> Host: ucentral.dpaas.arilia.com:16063
> user-agent: curl/7.85.0
> accept: */*
>
* Connection state changed (MAX_CONCURRENT_STREAMS == 4294967295)!
* HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
* Connection #0 to host ucentral.dpaas.arilia.com left intact
curl: (92) HTTP/2 stream 0 was not closed cleanly: PROTOCOL_ERROR (err 1)
Thanks for your help.
from cowboy.
The header names have to be given as lowercase. Cowboy doesn't lowercase them, it expects you to provide them already lowercase. Since it's using HTTP/2 and uppercase header names are forbidden in HTTP/2 that's probably the issue.
from cowboy.
Thanks @essen, changing the casing to lowercase has fixed the pre-flight. We are still seeing CORS issues but we've made progress. I was not aware of this lower-case HTTP/2 spec. I also see why our C++ framework worked: it only does HTTP1.1. So it all fits together neatly now.
I really appreciate your help.
from cowboy.
Related Issues (20)
- Cowboy/ranch protocol that can serve plain text and secure requests from the same port to different handlers
- Docs for `cowboy_stream` module include broken links HOT 2
- Reject responses that have explicit set-cookie HOT 7
- gunsmoke = gun + cowboy + tls + websocket HOT 3
- when use cowboy:start_tls can not connect HOT 7
- cowboy_clear's protocols option
- Document range requests in cowboy_rest and cowboy_static HOT 1
- 2.10 Getting Started: Makefile issue -- No rule to make target 'run' HOT 2
- Rewrite ws_autobahn to no longer use autobahn-testsuite HOT 2
- I want to use Cowboy 2.11's Websocket over HTTP/2 feature, How do I configure nginx HOT 2
- Apply routing constraint to […] bind? HOT 3
- Is cowboy affected by CVE-2023-46118 ? HOT 1
- Cookie Flexiblity HOT 2
- Response cookies must be set using cowboy_req HOT 1
- content_types_provided should be allowed to return the empty list when no Accept header is specified HOT 6
- HTTP/2: to many stream window size updates after connection window size update HOT 3
- Use async cancel_timer where applicable HOT 1
- Adding metadata/labels to a route? HOT 2
- which erlang version is supported? HOT 1
- Fix introduction supported OTP versions
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cowboy.