CORS issue?

[edeandrea]

Describe the bug

This came from https://github.com/quarkusio/quarkus-super-heroes/issues/687 - whats happening is I have a react app configured to talk to the Microcks dev service. Because its a browser request and my request is a POST, I'm getting a CORS issue because the React app is talking to a different port than where it was originally served from.

You can see its doing the CORS pre-flight request

which is then failing

How do I get around this?

Expected behavior

No response

Actual behavior

No response

How to Reproduce?

No response

Microcks version or git rev

quay.io/microcks/microcks-uber:nightly

Install method (docker-compose, helm chart, operator, docker-desktop extension,...)

Quarkus dev service

Additional information

No response

[lbroudoux]

Hey @edeandrea!

Is this a regression? Did you have it working when using the quay.io/microcks/microcks-uber:1.8.1 or the quay.io/microcks/microcks-uber:1.8.0 images? CORS pref-flight requests are supposed to work but we've made some changes lately... I'll have to dive into them.

Thanks,

[edeandrea]

To be honest I've been using the nightly image for a while. I can try some previous images if you'd like.

I think it was working at one point but to be honest I'm not sure I ever tried the POST request from the browser, so I can't be 100% sure it ever worked.

[lbroudoux]

Looks like we change the default value for Access-Allow-Credentials header. See https://github.com/Orange-OpenSource/microcks/commit/36dc55e1230867abec8fb0ec6ae67432e001f89c

Could you please try with putting the following configuration in application.properties:

quarkus.microcks.devservices.container-env.CORS_REST_ALLOW_CREDENTIALS=true

[edeandrea]

I'll give it a try tomorrow morning.

Thanks for the quick reply!

[lbroudoux]

We also have this issue/PR that is open and seems to be related to previous changes: https://github.com/microcks/microcks/pull/1061

[lbroudoux]

Hey Eric. This should be solved with https://github.com/microcks/microcks/issues/1082 Can you try a fresher nightly container image?

[edeandrea]

Using the new nightly image the CORS preflight request goes through, but then the subsequent POST fails.

If I use something like Postman to make the POST (no CORS involved), I get what I would expect back.

[lbroudoux]

Weird... Can you see the second request actually hitting the microcks server with some logs?

[edeandrea]

Nothing in the microcks log when I try to do the POST request in the browser. I'm getting this in the browser:

localhost/:1  Access to XMLHttpRequest at 'http://localhost:58521/rest/Fights+API/1.0/api/fights' from origin 'http://localhost:8080' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

[lbroudoux]

Ok. So it may be still related to this last one: https://github.com/microcks/microcks/pull/1085

[edeandrea]

If you need a good test bed for this the quarkus superheroes is easy to stand up (& is already configured with the microcks nightly image).

1. Clone https://github.com/quarkusio/quarkus-super-heroes
2. cd ui-super-heroes
3. ./mvnw clean quarkus:dev
4. Open browser to http://localhost:8080
5. Click the Fight button

[lbroudoux]

I will not be able to look at it in the coming hours as I'm speaking at a meetup. Will look at it probably tonight.

[edeandrea]

No worries.

Do you want me to try with

quarkus.microcks.devservices.container-env.CORS_REST_ALLOW_CREDENTIALS=true

?

[Apoorva64]

Can you make another screen with all the request headers?

Using the new nightly image the CORS preflight request goes through, but then the subsequent POST fails.

If I use something like Postman to make the POST (no CORS involved), I get what I would expect back.

[edeandrea]

I notice in the preflight request, the Access-Control-Allow-Headers response header doesn't contain Content-Type, which is a header present in the POST request.

Preflight request:

POST request:

[lbroudoux]

Hi @edeandrea, Our latest changes should fix this issue. Can you have another test on a fresh nightly image and confirm it?

[edeandrea]

Hi @lbroudoux the latest nightly image seems to work! Thanks for the quick work!

[lbroudoux]

Great 👍 BTW, have you checked https://github.com/microcks/microcks-testcontainers-java-spring-demo ? I plan to do the same thing for Quarkus. Would you be interested in helping or reviewing?

[edeandrea]

I'd definitely be interested in helping or reviewing!

[lbroudoux]

Working on it this Friday! I'll let you as soon as I get something that can be used.