elective-stereophonic
elective-stereophonic
CORS missing proper headers singapore
Please login or register.

Login with username, password and session length
Advanced search  

News:

Latest Stable Nxt Client: Nxt 1.12.2

Author Topic: CORS missing proper headers  (Read 1642 times)

pocesar

  • Jr. Member
  • **
  • Karma: +1/-0
  • Offline Offline
  • Posts: 15
    • View Profile
    • Github
CORS missing proper headers
« on: September 12, 2014, 08:35:54 am »

It seems that the cors response is missing proper headers:


Allow   GET, HEAD, POST, TRACE, OPTIONS
Content-Length   0
Server   Jetty(9.1.5.v20140505)


It should return something like:


Access-Control-Allow-Origin: http :// 127.0.0.1
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Max-Age: 1728000


I'm trying to reach it through the browser, since it uses different ports, the CORS request is failing because the answer is malformed
Logged
NXT-7TJT-8NS2-8QBS-5Y89X
1CrYPTXWaYDJ8fb92xkEncAcAVoMSmNk5w
https://github.com/pocesar

Tosch110

  • Hero Member
  • *****
  • Karma: +211/-18
  • Offline Offline
  • Posts: 2365
    • View Profile
Re: CORS missing proper headers
« Reply #1 on: September 13, 2014, 01:50:08 am »

are you sure in the nxt configuration file its set:

nxt.apiServerCORS=true

?

pocesar

  • Jr. Member
  • **
  • Karma: +1/-0
  • Offline Offline
  • Posts: 15
    • View Profile
    • Github
Re: CORS missing proper headers
« Reply #2 on: September 13, 2014, 05:14:56 am »

yes, and I'm using version 1.2.8 (set both nxt.apiServerCORS, even the old interface one)
Logged
NXT-7TJT-8NS2-8QBS-5Y89X
1CrYPTXWaYDJ8fb92xkEncAcAVoMSmNk5w
https://github.com/pocesar

mess

  • Newbie
  • *
  • Karma: +4/-0
  • Offline Offline
  • Posts: 10
    • View Profile
Re: CORS missing proper headers
« Reply #3 on: October 05, 2014, 07:20:22 pm »

Hello pocesar!

Sorry for the (very) late reply, I just got time to investigate this issue. If you were able to get around this issue let me know. I will post my investigation results anyways.

I created a very small webapp to test CORS support and it seems to be working right in the majority of the cases. The only exception is when the ajax request includes a custom header, and this is because the configuration needs to explicitly list any custom headers that it allows for any CORS request, not a wildcard '*'.

For example: some time ago, some of the popular JS libraries (e.g. jquery) were adding a 'X-Requested-With: XMLHttpRequest' header by default in HTTP requests to indicate  that the request was originated using Ajax. In order to make CORS work correctly, the server side CORS configuration should explicitly specify that it allows the 'X-Requested-With' header.
But now these JS libraries dropped that header and the configuration is not necessary unless the header is being explicitly added by the developer.

The other case is when the Content-Type header is other than application/x-www-form-urlencoded, multipart/form-data, or text/plain. In this case you need to explicitly specify in the server-side configuration that the Content-Type header is allowed. But the NXT UI specifies application/x-www-form-urlencoded since requests to the NXT API server do not include content in the request body, so the current configuration is fine.


Going back to your case, you said that:

I'm trying to reach it through the browser, since it uses different ports, the CORS request is failing because the answer is malformed

What are you trying to reach through the browser?

1) Is it the nxt UI?
2) Or are you trying to execute an API call through the browser so that it displays the response in the browser page?

AFAIK, in both cases, the HTTP request will not use CORS since in the first case the same server hosts the UI and the API server, and in the second case Ajax (javascript) is not used to fetch the contents. So in both cases CORS is not needed.

Did you verified that the 'nxt.allowedBotHosts' includes the ip address of the machine from which you are accessing the nxt instance?

- mess
Logged
 

elective-stereophonic
elective-stereophonic
assembly
assembly