search

lwcolton / falcon-cors

CORS support for Falcon: http://falconframework.org
Apache License 2.0
74 stars 15 forks source link

CORS failure #8

Closed StevenPG closed 6 years ago

StevenPG commented 6 years ago

Any usage breaks the entire API.

I have the following setup falcon==1.3.0 falcon-cors==1.1.7 gunicorn==19.7.1 json-logging-py==0.2

I am able to specify the "allow_origins_list" for localhost, but when I attempt to use a VM, the IP address is not constant and is sometimes different when accessed outside the corporate network.

If I attempt to add the allow_all_origins header into the CORS call, the app is unresponsive and will not accept any connections. The same thing occurs if I try to place a wildcard into the allow_origins_list.

I also cannot place the cors=public_cors call within any of my Resource objects. If I add a cors variable that links to the CORS() call at all, I can't make a connection to any of the Resource objects. Even if the IPs are listed in the allow_origins_list.

Here are the needed excerpts of code: ` """ Falcon CORS for external testing and external access """ from falcon_cors import CORS ... public_cors = CORS(allow_origins_list=['http://localhost:3000'], allow_all_headers=True, allow_all_methods=True) ... class AuthDataResource: """ Falcon Authentication Resource """

This is where if I try to add cors=public_cors I cannot access this or any other resource

def on_get(self, req, res):
    """ Handle incoming GET requests, return relevant info """
    json = {
        'version': VERSION,
        'status': falcon.HTTP_200
    }
    logger.info(req)
    res.media = json
    res.status = falcon.HTTP_200
    logger.info(res)

...

Falcon Application Instantiation with cors middleware

API = application = falcon.API(middleware=[cors.middleware]) API.add_route('/api/v1/version', AuthDataResource()) API.add_route('/api/v1/auth', APIAuthenticationResource()) API.add_route('/api/v1/ui/auth', BasicAuthenticationResource()) API.add_route('/api/v1/auth/getToken', GetTokenAuthenticationResource()) `

I'm just really lost and the documentation or issues don't not anything like this. I'm building out a pretty decent sized API and I love using falcon, but this is a huge hang-up so far.

lwcolton commented 6 years ago

Sorry to hear about this, I'll take a look today when I'm off work and help you get it sorted out.

On Dec 19, 2017 10:14 AM, "Steven Gantz" notifications@github.com wrote:

Any usage breaks the entire API.

I have the following setup falcon==1.3.0 falcon-cors==1.1.7 gunicorn==19.7.1 json-logging-py==0.2

I am able to specify the "allow_origins_list" for localhost, but when I attempt to use a VM, the IP address is not constant and is sometimes different when accessed outside the corporate network.

If I attempt to add the allow_all_origins header into the CORS call, the app is unresponsive and will not accept any connections. The same thing occurs if I try to place a wildcard into the allow_origins_list.

I also cannot place the cors=public_cors call within any of my Resource objects. If I add a cors variable that links to the CORS() call at all, I can't make a connection to any of the Resource objects. Even if the IPs are listed in the allow_origins_list.

Here are the needed excerpts of code: ` """ Falcon CORS for external testing and external access """ from falcon_cors import CORS ... public_cors = CORS(allow_origins_list=['http://localhost:3000'], allow_all_headers=True, allow_all_methods=True) ... class AuthDataResource: """ Falcon Authentication Resource """

This is where if I try to add cors=public_cors I cannot access this or any other resource

def on_get(self, req, res): """ Handle incoming GET requests, return relevant info """ json = { 'version': VERSION, 'status': falcon.HTTP_200 } logger.info(req) res.media = json res.status = falcon.HTTP_200 logger.info(res)

... Falcon Application Instantiation with cors middleware

API = application = falcon.API(middleware=[cors.middleware]) API.add_route('/api/v1/version', AuthDataResource()) API.add_route('/api/v1/auth', APIAuthenticationResource()) API.add_route('/api/v1/ui/auth', BasicAuthenticationResource()) API.add_route('/api/v1/auth/getToken', GetTokenAuthenticationResource()) `

I'm just really lost and the documentation or issues don't not anything like this. I'm building out a pretty decent sized API and I love using falcon, but this is a huge hang-up so far.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/lwcolton/falcon-cors/issues/8, or mute the thread https://github.com/notifications/unsubscribe-auth/ABWuLhZFpjd_Cj_9CBBMpkLJ3ouTnYxxks5tB-D8gaJpZM4RHMy- .

StevenPG commented 6 years ago

Thanks @lwcolton , I've recreated the issue with other services as well.

lwcolton commented 6 years ago

Can you use cURL or a similar http client to hit your endpoint outside of the browser, with CORS enabled, and see what happens?

On Dec 19, 2017 12:40 PM, "Steven Gantz" notifications@github.com wrote:

Thanks @lwcolton https://github.com/lwcolton , I've recreated the issue with other services as well.

— You are receiving this because you were mentioned.

Reply to this email directly, view it on GitHub https://github.com/lwcolton/falcon-cors/issues/8#issuecomment-352848591, or mute the thread https://github.com/notifications/unsubscribe-auth/ABWuLhUIxn41H8RRwZR6qHK6M_YdHbxfks5tCAMmgaJpZM4RHMy- .

StevenPG commented 6 years ago

Sorry for the delay, with CORS enabled, everything works for Postman, but fails from cURL and my ReactJS application. With Falcon_cors implemented, the same thing occurs. The failure is "Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response."

The other one is the typical CORS one, URL not allowed due to origin.

Another team member ran their changes through our full CI/CD suite so I'm reverting some stuff in a test environment. It's always working from Postman and a web browser though.

Edit: It is working fine through cURL and Postman now that everything is back to how it was with falcon_cors setup. Still getting Content Type issue and origin errors from ReactJs App.

StevenPG commented 6 years ago

Ok I have to apologize, I think I misread your readthedocs page...

I've gotten it working, and I had to include the single whitelisted URL.

This is the winning configuration: cors = CORS(allow_origins_list=['http://localhost:3000']) api = falcon.API(middleware=[cors.middleware]) public_cors = CORS(allow_all_origins=True, allow_all_methods=True, allow_all_headers=True)

When I remove localhost:3000 (which isn't where I'm hitting it from), then Content-Type issue appears and if I try to specify any specific headers, methods, or origins I seem to run into problems.

I even tried copying the request methods and headers into the response.

Thank you for building this library, sorry to waste some time!!

lwcolton commented 6 years ago

No worries let me know if you still have issues happy to help even if it doesn't end up being a bug in falcon-cors

On Dec 19, 2017 1:14 PM, "Steven Gantz" notifications@github.com wrote:

Closed #8 https://github.com/lwcolton/falcon-cors/issues/8.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/lwcolton/falcon-cors/issues/8#event-1394784583, or mute the thread https://github.com/notifications/unsubscribe-auth/ABWuLiPbE_PDkjWpnhuGidKoeq8-WEX0ks5tCAsXgaJpZM4RHMy- .