Alfajores forno node does not allow cross-origin requests from browser

[aaronmboyd]

Expected Behavior

Connection to https://alfajores-forno.celo-testnet.org/ via @celo/celocli in a browser fails with CORs error. Issue started only after most recent Alfajores restart. Does not affect Baklava and RC1 forno endpoints.

Please review CORs settings and allow all origins on forno node.

Current Behavior

VM10:1 POST https://alfajores-forno.celo-testnet.org/ net::ERR_FAILED
(anonymous) @ VM10:1
push../node_modules/web3-providers-http/src/index.js.HttpProvider.send @ index.js:121
DefaultRpcCaller.send @ rpc-caller.js:259
CeloProvider.forwardSend @ celo-provider.js:428
CeloProvider.send @ celo-provider.js:314
push../node_modules/web3-core-requestmanager/src/index.js.RequestManager.send @ index.js:117
sendRequest @ index.js:572
send @ index.js:590
getCurrentBlockNumber @ utils.js:5
Faucet.getBlockNumber @ index.js:46
alfajores-faucet:1 Access to XMLHttpRequest at 'https://alfajores-forno.celo-testnet.org/' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

[aaronmboyd]

Using "@celo/contractkit": "^0.4.4"

[aaronmboyd]

Here's an attachment showing the issue in the simplest possible way. unit_test.zip

Unzip and yarn then yarn test, gives:

$ jest
  console.error
    Error: Cross origin http://localhost forbidden
        at dispatchError (/home/boyd/git/pretoria-research-lab/celo-alfajores-forno-cors/node_modules/jsdom/lib/jsdom/living/xhr/xhr-utils.js:62:19)
        at Object.validCORSHeaders (/home/boyd/git/pretoria-research-lab/celo-alfajores-forno-cors/node_modules/jsdom/lib/jsdom/living/xhr/xhr-utils.js:74:5)
        at receiveResponse (/home/boyd/git/pretoria-research-lab/celo-alfajores-forno-cors/node_modules/jsdom/lib/jsdom/living/xhr/XMLHttpRequest-impl.js:796:19)
        at Request.client.on.res (/home/boyd/git/pretoria-research-lab/celo-alfajores-forno-cors/node_modules/jsdom/lib/jsdom/living/xhr/XMLHttpRequest-impl.js:657:36)
        at Request.emit (events.js:198:13)
        at Request.onRequestResponse (/home/boyd/git/pretoria-research-lab/celo-alfajores-forno-cors/node_modules/request/request.js:1059:10)
        at ClientRequest.emit (events.js:203:15)
        at HTTPParser.parserOnIncomingClient [as onIncoming] (_http_client.js:556:21)
        at HTTPParser.parserOnHeadersComplete (_http_common.js:109:17)
        at TLSSocket.socketOnData (_http_client.js:442:20) undefined

      at VirtualConsole.on.e (node_modules/jsdom/lib/jsdom/virtual-console.js:29:45)
      at dispatchError (node_modules/jsdom/lib/jsdom/living/xhr/xhr-utils.js:65:53)
      at Object.validCORSHeaders (node_modules/jsdom/lib/jsdom/living/xhr/xhr-utils.js:74:5)
      at receiveResponse (node_modules/jsdom/lib/jsdom/living/xhr/XMLHttpRequest-impl.js:796:19)
      at Request.client.on.res (node_modules/jsdom/lib/jsdom/living/xhr/XMLHttpRequest-impl.js:657:36)

 FAIL  ./utils.test.js
  ✕ Alfajores - getCurrentBlockNumber() (2154 ms)
  ✓ Baklava - getCurrentBlockNumber() (266 ms)
  ✓ RC1 - getCurrentBlockNumber() (342 ms)

  ● Alfajores - getCurrentBlockNumber()

    Invalid JSON RPC response: ""

      at Object.InvalidResponse (node_modules/web3-core-helpers/src/errors.js:42:16)
      at XMLHttpRequest.request.onreadystatechange (node_modules/web3-providers-http/src/index.js:98:32)
      at XMLHttpRequest.el.addEventListener.event (node_modules/jsdom/lib/jsdom/living/helpers/create-event-accessor.js:32:32)
      at innerInvokeEventListeners (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:330:27)
      at invokeEventListeners (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:281:3)
      at XMLHttpRequestImpl._dispatch (node_modules/jsdom/lib/jsdom/living/events/EventTarget-impl.js:228:9)
      at fireAnEvent (node_modules/jsdom/lib/jsdom/living/helpers/events.js:18:36)
      at requestErrorSteps (node_modules/jsdom/lib/jsdom/living/xhr/xhr-utils.js:117:3)
      at dispatchError (node_modules/jsdom/lib/jsdom/living/xhr/xhr-utils.js:59:3)
      at Object.validCORSHeaders (node_modules/jsdom/lib/jsdom/living/xhr/xhr-utils.js:74:5)
      at receiveResponse (node_modules/jsdom/lib/jsdom/living/xhr/XMLHttpRequest-impl.js:796:19)
      at Request.client.on.res (node_modules/jsdom/lib/jsdom/living/xhr/XMLHttpRequest-impl.js:657:36)
      at Request.onRequestResponse (node_modules/request/request.js:1059:10)

[safepayment]

+1.

Ideally Celo would be a open/public network, and should be like Access-Control-Allow-Origin: *. Not sure if the current restriction is an issue or by design.

[safepayment]

We met the same issue too for our demo, Celo Toolkit on Web.

The way I get around it is to add the proxy.

[aaronmboyd]

@safepayment Thanks for that workaround, I'm using this proxy now too. But still a fix on the source endpoint would be good.

[jcortejoso]

Could someone confirm if it works now? It seems it should work now:

await fetch('https://alfajores-forno.celo-testnet.org')
Response { type: "cors", url: "https://alfajores-forno.celo-testnet.org/", redirected: false, status: 200, ok: true, statusText: "OK", headers: Headers, body: ReadableStream, bodyUsed: false }

[aaronmboyd]

@jcortejoso Works for me with unit test as attached to issue:

$ jest
 PASS  ./utils.test.js
  ✓ Alfajores - getCurrentBlockNumber() (690 ms)
  ✓ Baklava - getCurrentBlockNumber() (247 ms)
  ✓ RC1 - getCurrentBlockNumber() (282 ms)

Test Suites: 1 passed, 1 total
Tests:       3 passed, 3 total
Snapshots:   0 total
Time:        2.347 s, estimated 5 s
Ran all test suites.
Done in 3.02s.

[safepayment]

It works for the Celo Web toolkit now. Thanks! @jcortejoso

[jcortejoso]

Nice thanks for checking!