search

adrian-pavel / visual-nuget

Code for the Visual NuGet package manager extension for VS Code.
MIT License
30 stars 5 forks source link

Azure DevOps blocked by CORS policy #14

Closed palhal closed 2 years ago

palhal commented 2 years ago

This extension looks promising! However, I haven't been able to test it properly since we use a private NuGet server at Azure DevOps. When I select my custom package source, the console shows this error:

Access to XMLHttpRequest at 'https://pkgs.dev.azure.com/<my-account>/_packaging/<my-account>/nuget/v3/index.json' from origin 'vscode-webview://00kb1ob2qmam4vbu5d7jdeo7q95o0dc9bevqqrrnba97217bcmmh' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I have replaced my real account name with \<my-account>. Am I using a correct URL? Can you please provide an example URL for use with Azure DevOps?

adrian-pavel commented 2 years ago

Hello. When you configured the custom source, did you provide the authorizationHeader? Not sure if it matters or not but in my case for example the azure devops link looks something like this: "https://.pkgs.visualstudio.com/_packaging//nuget/v3/index.json". Just use whatever link appears in the "Connect to feed" page of your Artifacts repositori under Nuget section.

kmtchl commented 2 years ago

Just to piggyback on this one.

I've got the correct url for my custom feed but can't connect. I'm presuming the token for the authorization header is a PAT from azure devops, right? Or should it be coming from elsewhere.

Thanks

kmtchl commented 2 years ago

Nevermind, I've figured it out.

For anyone else who struggles, the PAT from AzureDevops needs to be base 64 encoded to before you can use it in the extension.

palhal commented 2 years ago

Sorry for the late reply @adrian-pavel. Yes, I provided the header like suggested in the readme.

... and today everything works! Perhaps the problem was at Azure's side. I see in the request to index.json that the server now responds with the following header:

access-control-allow-origin: *

I'm pretty sure that the header was missing earlier, so my hope was that you could change the code so that the request was sent without an origin. That won't be necessary :)

It's interesting that you're using the visualstudio.com domain. In my Connect to feed page I'm instructed to use pkgs.dev.azure.com and I can now confirm that it works.

adrian-pavel commented 2 years ago

@palhal Yeah, the connect page tells me to use visualstudio.com . It probably has something to to with when the account was created. My account is pretty old, since the days when it was called Visual Studio Online. Glad it's working for you now.