Thai-Preview Plans on the Action plan Report page not showing on some browsers

onaio / reveal-frontend

WebUI for the Reveal epidemiological surveillance platform

8 stars 4 forks source link

Thai-Preview Plans on the Action plan Report page not showing on some browsers #1671

Closed madrinekariuki closed 3 years ago

madrinekariuki commented 3 years ago

Thai preview instance

Noted that plans are not showing on the Action reporting page on some browers. This was tested using Chrome and Also Mozilla. On mozilla the plans were visible while on Chrome the plans were not visible and we are getting an error show below.(500 internal server error)

ciremusyoka commented 3 years ago

This is an issue with superset failing to set cookie.

https://supersetmhealth.ddc.moph.go.th/oauth-authorized/opensrp-preview request response error this set-cookie didn't specify a samesite attribute and was default to samesite=lax and was blocked ....

Screenshot from 2021-10-15 15-44-57

This is probably happening because we are using different domains.

@lincmba @ukanga The superset samesite config is set to none - SESSION_COOKIE_SAMESITE = None

lincmba commented 3 years ago

We are facing a CORS error and this is because of the difference in the domain names of the preview web and the production superset. A proper fix would be to change the domain name of the preview superset instance.

Meanwhile the following solutions should be attempted from superset side:

[x] Have CORS origin urls defined - didn't work
[x] Configure SUPERSET_WEBSERVER_DOMAINS to match CORS origin list -didn't work
[x] Set CORS send_wildcard to True - didn't work
[ ] Set CORS allow_headers to match CORS origin list

samkanga commented 3 years ago

@lincmba I can follow-up with CHAI on the possibility of getting a preview superset subdomain on the same domain as the production superset. Would that be anything with the *.ddc.moph.go.th domain?

lincmba commented 3 years ago

Yes, that will work.

ukanga commented 3 years ago

@samkanga Please note, that this will require a subdomain for only the Reveal-Web piece i.e web-preview.ddc.moph.go.th since Superset is already in place supersetmhealth.ddc.moph.go.th. The new subdomain is primarily only for Reveal-Web.

madrinekariuki commented 3 years ago

@ciremusyoka please note that this is now affecting other browsers. see below screenshot when I tried to access the plans via Mozilla.

samkanga commented 3 years ago

This has since been resolved.

madrinekariuki commented 2 years ago

This has also been tested on Thailand local instance and plans are showing well.