StrongKey / fido2

Open-source FIDO server, featuring the FIDO2 standard. https://demo4.strongkey.com/getstarted/#/openapi/fido

ERR_CERT_AUTHORITY_INVALID | CORS Missing Allow Origin #160

Closed Syn91 closed 2 years ago

Syn91 commented 3 years ago

Hello!

After much trial and error installing the server, I was finally able to ping and register a user via REST with the skfsclient. I'm trying to implement a web application with Angular accessing the SKFS via REST. I have a server at home which is accessible through dyndns. The SKFS and the web application are both on the same VM. When I try to send a POST request from my Angular web application, I get the following error:

Chrome: ERR_CERT_AUTHORITY_INVALID

Firefox: CORS Missing Allow Origin

My guess is that either I have to change the SKFS/Payara certificate (which I tried with Let's Encrypt, unsuccessfully), or manage to somehow add the Access-Control-Allow-Origin header to your server.

Can someone guide me to a working solution?

Thank you in advance!

DavidCBeach commented 3 years ago

@Syn91

First, try adding a CORS extension to Chrome. This should allow cross-origin requests to be made. Second, try setting the accesscontrolalloworigin property on the SKFS. This can be done by editing the following file on the SKFS:

/usr/local/strongkey/appliance/etc/appliance-configuration.properties

Add the following line:

applicance.cfg.property.accesscontrolalloworigins=[origin to allow]

with [origin to allow] being replaced with the origin of your Angular application.

Syn91 commented 3 years ago

Thank you for the fast response!

My Angular WebApp is running on the same machine as the SKFS. I've tried to apply the accesscontrolalloworigin property to my dyndns, which leads to my WebApp, without success. Making a POST request with Postman to https://dyndns:8181/skfs/rest/preregister works flawlessly (with a small warning that it's a self-signed certificate).

The CORS extension didn't help either.

I will try to provide a graph tomorrow, which hopefully makes it easier to understand my setup.

samasiMerini commented 2 years ago

Hello,

I have the same issue using the FIDO-enabled Key Management Application.

Chrome: ERR_CERT_AUTHORITY_INVALID

Firefox: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://[my-domain-name]/sfakma/fido2/isLoggedIn. (Reason: CORS request did not succeed). Status code: (null).

How can we fix this issue? And how can I use my trusted certificate on this server?

Thank you in advance.

push2085 commented 2 years ago

Hi @samasiMerini, as per David's comment above (https://github.com/StrongKey/fido2/issues/160#issuecomment-926014554), have you tried adding a CORS extension for your browser to see if it allows it, or have you tried changing the property?

Let us know if none of that works and we can debug more. Thank you.

samasiMerini commented 2 years ago

Hi @push2085,

Thank you for your response. I bypassed the ERR_CERT_AUTHORITY_INVALID in Chrome by typing thisisunsafe on the error page and it worked.

Now I have another problem: I don't know why the KMA web application sends requests without port 8181.

https://myserver.com/sfakma/fido2/isLoggedIn (failed)net::ERR_CONNECTION_REFUSED

https://myserver.com/sfakma/fido2/registerEmail (failed)net::ERR_CONNECTION_REFUSED

Thank you

push2085 commented 2 years ago

Hi @samasiMerini, there should be a property set for the URL which may have been configured without port 8181.

1) You can either update that property "sfakma.cfg.property.apiuri" in the file "/usr/local/strongkey/sfakma/etc/sfakma-configuration.properties" and restart the GlassFish web server.

2) Add firewall port forwarding rules to forward 443 to 8181 so that you don't need to specify 8181 in the URL.
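
The two browser errors in this thread come from different layers, which the following added example (not part of the thread and not StrongKey code) models: an untrusted certificate fails the request before any CORS header is read, and the allowed origin has to match the page's scheme, host and port exactly. The hostnames and the corsVerdict helper are constructed for illustration.

```javascript
// Added example, not StrongKey code. Hostnames are constructed placeholders.

// A browser origin is scheme + host + port; the scheme's default port
// (443 for https) is dropped, so :8181 always makes a different origin.
function originOf(url) {
  return new URL(url).origin;
}

// Predict how a browser treats a request from pageUrl to apiUrl.
//   certTrusted       - browser trusts the API certificate (or has a stored exception)
//   allowOriginHeader - Access-Control-Allow-Origin value returned, or null if absent
//   withCredentials   - the request carries cookies or HTTP auth
function corsVerdict({ pageUrl, apiUrl, certTrusted, allowOriginHeader = null, withCredentials = false }) {
  const pageOrigin = originOf(pageUrl);
  // The TLS handshake completes before any response header is read, so an
  // untrusted certificate fails the request and CORS headers are never seen.
  if (!certTrusted) return 'blocked: untrusted certificate';
  if (pageOrigin === originOf(apiUrl)) return 'allowed: same origin';
  if (allowOriginHeader === null) return 'blocked: header missing';
  if (allowOriginHeader === '*') {
    return withCredentials ? 'blocked: wildcard with credentials' : 'allowed: wildcard';
  }
  // The header must equal the serialized origin exactly: no path, no trailing slash.
  return allowOriginHeader === pageOrigin ? 'allowed: origin match' : 'blocked: origin mismatch';
}

// Constructed setup: web app on the default HTTPS port, API on 8181, same host.
const page = 'https://home.example.test/app/';
const api = 'https://home.example.test:8181/skfs/rest/preregister';

function demo() {
  return [
    // Correct header, but the certificate check fails first.
    corsVerdict({ pageUrl: page, apiUrl: api, certTrusted: false, allowOriginHeader: originOf(page) }),
    // Certificate accepted, server sends no CORS header.
    corsVerdict({ pageUrl: page, apiUrl: api, certTrusted: true }),
    // Header configured with a trailing slash, so it is not an exact origin.
    corsVerdict({ pageUrl: page, apiUrl: api, certTrusted: true, allowOriginHeader: 'https://home.example.test/' }),
    // Header equals the page origin.
    corsVerdict({ pageUrl: page, apiUrl: api, certTrusted: true, allowOriginHeader: originOf(page) }),
  ];
}

console.log(demo().join('\n'));
```

Same machine does not mean same origin: a page and an API on one host but different ports are cross-origin, so the allowed-origin value still has to name the page's origin.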