cloudendpoints / endpoints-java

A Java framework for building RESTful APIs on Google App Engine
Apache License 2.0

EspAuthenticator not allowing CORS #138

Closed caitlyn-organizer closed 6 years ago

caitlyn-organizer commented 6 years ago

I am making a request from an App Engine JavaScript frontend at project-id.appspot.com (default service) with a Firebase ID token to a Cloud Endpoint at service-name-dot-project-id.appspot.com. The Cloud Endpoint uses annotations for Firebase auth (see below). However, the call from the client fails due to "No 'Access-Control-Allow-Origin' header is present on the requested resource." This does not happen without the Firebase auth annotations on the endpoint. These release notes suggest it is due to EspAuthenticator preventing cross-origin resource sharing: https://cloud.google.com/endpoints/docs/release-notes#january_2017. "By default, ESP will block cross-origin requests by rejecting all OPTIONS requests" - from release notes. It states that "allowCors" : "true" can be added to the openapi.json, but the documentation is outdated. There is also no synonymous Java annotation documented. How can I make a request from my default module front end to a non-default service Cloud Endpoint using Firebase tokens?

```java
@Api(
    name = "firebaseauthtest",
    version = "v2",
    apiKeyRequired = AnnotationBoolean.TRUE,
    authenticators = {EspAuthenticator.class},
    issuers = {
        @ApiIssuer(
            name = "firebase",
            issuer = "https://securetoken.google.com/" + PROJECT_ID,
            jwksUri = "https://www.googleapis.com/service_accounts/v1/metadata/x509/securetoken@system.gserviceaccount.com"
        )
    },
    issuerAudiences = {
        @ApiIssuerAudience(name = "firebase", audiences = PROJECT_ID)
    },
    namespace = @ApiNamespace(
        ownerDomain = DOMAIN,
        ownerName = DOMAIN,
        packagePath = "myproject/endpoints"
    )
)
```

tangiel commented 6 years ago

Are you running on App Engine Flexible or Standard?

caitlyn-organizer commented 6 years ago

Running on App Engine Standard @tangiel

tangiel commented 6 years ago

Can you show sample logs for a rejected request? There should be some information that indicates why a request fails.

caitlyn-organizer commented 6 years ago

@tangiel In the appengine service logs,

We first see an OPTIONS request with a 200 response:

2018-02-26 14:40:53.428 PST OPTIONS 200 281 B 4.4 s Chrome 63 /_ah/api/firebaseauthtest/v2/firebaseendpoint?key=XXX

Then we see a GET request with a 404 response:

2018-02-26 14:40:57.941 PST GET 404 46 B 121 ms Chrome 63 /_ah/api/firebaseauthtest/v2/firebaseendpoint?key=XXX

On the client side console logs, we see

GET https://service-name-dot-project-id.appspot.com/_ah/api/firebaseauthtest/v1/firebaseendpoint?key=XXX 404 ()

Failed to load https://service-name-dot-project-id.appspot.com/_ah/api/firebaseauthtest/v1/firebaseendpoint?key=XXX: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://project-id.appspot.com' is therefore not allowed access. The response had HTTP status code 404.

tangiel commented 6 years ago

There should be log messages, rather than just the single line. Can you expand the request and post the contents inside?

caitlyn-organizer commented 6 years ago

@tangiel It looks like the URL in the request was wrong, thus a 404. I'm not sure why this resulted in the "No 'Access-Control-Allow-Origin' header is present on the requested resource" error on the client side, but it seems the ESP info in the release notes was not related to my problem. This is a non-issue and can be closed. Thanks.

tangiel commented 6 years ago

Likely the error is because on a 404, the request is not handled by Endpoints, but the default app error handler, which does not add any CORS response headers. Or possibly the CORS handling is not triggered on Endpoints errors.
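A toy router modelling the explanation above, added here as an illustration and not code from this issue or from endpoints-java: the API layer answers preflights and adds CORS headers, a path it does not serve falls through to a default error handler that emits none, and the browser then reports the 404 as a CORS error. The origin, paths, and the assumption that preflights for the whole API prefix succeed are constructed for the example.

```javascript
// Added illustration (not code from the issue or from endpoints-java): a toy
// request router modelling how a 404 served by the app's default error
// handler is reported by the browser as a CORS failure.
// All origins, paths and behaviours below are constructed assumptions.
const ALLOWED_ORIGIN = 'https://project-id.appspot.com';
const API_PREFIX = '/_ah/api/';
const SERVED_PATHS = new Set(['/_ah/api/firebaseauthtest/v2/firebaseendpoint']);
const CORS_HEADERS = {
  'Access-Control-Allow-Origin': ALLOWED_ORIGIN,
  'Access-Control-Allow-Methods': 'GET, OPTIONS',
  'Access-Control-Allow-Headers': 'Authorization',
};

// Assumed model: the API layer answers preflights for anything under its
// prefix, but only dispatches real requests to registered methods.
function apiLayer(req) {
  if (req.method === 'OPTIONS') return { status: 200, headers: CORS_HEADERS, body: '' };
  if (!SERVED_PATHS.has(req.path)) return null; // fall through to the app's handler
  if (!req.headers.Authorization) return { status: 401, headers: CORS_HEADERS, body: '' };
  return { status: 200, headers: CORS_HEADERS, body: '{"ok":true}' };
}

// The generic app error handler knows nothing about CORS.
function defaultErrorHandler() {
  return { status: 404, headers: {}, body: 'Not Found' };
}

function dispatch(req) {
  const res = req.path.startsWith(API_PREFIX) ? apiLayer(req) : null;
  return res || defaultErrorHandler();
}

// What the browser console shows for a cross-origin response: the real HTTP
// status survives only as the trailing clause of the CORS message.
function browserView(res, origin) {
  const allow = res.headers['Access-Control-Allow-Origin'];
  if (allow === origin || allow === '*') return `HTTP ${res.status}`;
  return "No 'Access-Control-Allow-Origin' header is present on the requested resource. " +
    `Origin '${origin}' is therefore not allowed access. The response had HTTP status code ${res.status}.`;
}

// Replays the sequence from the server logs: preflight, then the GET.
function replay(path, origin = ALLOWED_ORIGIN) {
  const preflight = dispatch({ method: 'OPTIONS', path, headers: {} });
  const get = dispatch({ method: 'GET', path, headers: { Authorization: 'Bearer <firebase-id-token>' } });
  return { preflightStatus: preflight.status, getStatus: get.status, console: browserView(get, origin) };
}
```

When the console message ends in a status other than 200, check the server-side request log for that status before touching CORS configuration; a 404 there means the request never reached the API handler.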