search

khoih-prog / ESP_WiFiManager

This is an ESP32 / ESP8266 WiFi Connection Manager with fallback web configuration portal. Use this library for configuring ESP32 (including ESP32-S2 and ESP32-C3), ESP8266 modules' WiFi, etc. Credentials at runtime. You can also specify static DNS servers, personalized HostName, fixed or random AP WiFi channel. With examples supporting ArduinoJson
MIT License
371 stars 97 forks source link

Cors header not sent when saving wifi details, even when cors is enabled #80

Closed richardhawthorn closed 2 years ago

richardhawthorn commented 2 years ago

Context: When cors is enabled most pages send the specified cors header, however this header isn't sent when saving the wifi details.

To reproduce this:

  1. Enable CORS
  2. Make a GET request to http://192.168.4.1
  3. Check the headers, notice the cors header is present (Access-Control-Allow-Origin | *)
  4. Make a POST request to http://192.168.4.1/wifisave
  5. Check the headers

Expected behavior

When saving the wifi details you should see the cors header returned: Access-Control-Allow-Origin | *

Actual behavior

No cors header is returned on the wifisave endpoint

Steps to fix

If the following lines are added to the top of the ESP_WiFiManager::handleWifiSave() function then this solves the problem, as it returns the cors header when saving the wifi details

if USING_CORS_FEATURE

// New from v1.1.1, for configure CORS Header, default to WM_HTTP_CORS_ALLOW_ALL = "*"
server->sendHeader(FPSTR(WM_HTTP_CORS), _CORS_Header);

endif

Information

khoih-prog commented 2 years ago

Hi @richardhawthorn

Thanks for spotting the bug and the proposed fix.

To help other users (including me), could you please post more information about your use-case (without proprietary info) why CORS is necessary in local Config Portal (192.168.4.1)

Please also post the MRE so that I can duplicate the bug.

Regards,

khoih-prog commented 2 years ago

Hi @richardhawthorn

The new ESP_WiFiManager releases v1.10.2 has just been published. Your contribution is noted in Contributions and Thanks

Please test and verify the bug has flown away.

Best Regards,

Releases v1.10.2

  1. Send CORS header in handleWifiSave() function. Check Cors header not sent when saving wifi details, even when cors is enabled #80
  2. Optimize code by using passing by reference instead of by value
  3. Delete all confusing, function-lacking minimal examples
  4. Display informational warnings only when _WIFIMGR_LOGLEVEL_ > 3
richardhawthorn commented 2 years ago

To explain my use case: I have a web app that monitors and sends data to a set of devices, those devices connect via WiFi to send/receive data from the web server.

The device setup process is started through the web app on a customers computer/browser, which generates a key for that device. The customer then puts the device in setup mode (WiFiManager is started) and connects their computer to that device's network.

Through the browser they started the setup process with the web app queries the board using javascript (through a GET request to 192.168.4.1) to get a list of wifi networks the board has scanned. They select SSID, and enter their WiFi password.

Here the browser makes the POST request to 192.168.4.1/wifisave (again using javascript) sending not only the SSID and password, but also the key for the device (received as a custom field), plus any other setup details that need to be transfered.

The CORS headers are required on the 'wifisave' endpoint so the browser has the permission to make the POST request to save these details, without which the details can't be saved.

This makes the process of setting up a device much more streamlined, as they don't need to open a new browser window and copy/paste the setup data manually.

khoih-prog commented 2 years ago

Thanks for the helpful info.

I checked and verified the bug is actually my omission to include it as I did include in the twin library ESPAsync_WiFiManager

ESPAsync_WiFiManager-Impl.h#L1760-L1763

That's why I published the new release to address.