search

openfaas / faas

OpenFaaS - Serverless Functions Made Simple
https://www.openfaas.com
MIT License
25.18k stars 1.94k forks source link

Can't influence CORS headers in async functions #1599

Closed bhale closed 3 years ago

bhale commented 3 years ago

My actions before raising this issue

I have read a lot of prior issues and documentation on how to work around CORS issues with functions in OpenFaas. For my backend sync functions, I have modified the templates slightly (python3-flask) to support an OPTIONS call to the backend in the CORS preflight check. A preflight check by calling with OPTIONS verb is done on POST, not on GET, so in the GET handler I can simply modify the flask response to include the CORS headers. To enable POST, you must have the extra step of making the app support an OPTIONS call, which the template does not.

(https://developer.mozilla.org/en-US/docs/Glossary/Preflight_request)

However, I was unable to resolve the issue for async-functions, since the HTTP request is fully managed by OpenFaas and hands it off to my function over NATS. I attempted to add the headers using the annotations available from ingress-nginx, but I believe OpenFaas is rejecting the OPTIONS request of the preflight check. The response code is 405.

Expected Behaviour

There should be an annotation, config map, helm values or otherwise that instructs the OpenFaas async functions handler to support returning CORS headers and supporting a valid 200 response to an OPTIONS request so that subsequent posts can be made. Ideally this would apply to sync endpoints as well, but there is a lot of OPTIONS-unfriendly stuff that lives in the templates as well. I would be happy to make a PR for some of the python ones if this is desirable.

Current Behaviour

OpenFaas async handler has no support for adding CORS headers, and rejects OPTIONS requests.

Steps to Reproduce (for bugs)

  1. make an async function that responds to a POST
  2. try to exercise it from an origin other than your FAAS server ingress, such as localhost
  3. see 405 response to the preflight OPTIONS check

Context

I am attempting to build APIs that could be consumed by others, including myself during development. I would like to deploy my JS frontend at a provider such as Netlify or Vercel and have it access my openfaas functions for dynamic content at runtime.

Your Environment

CLI: commit: c12d57c39ac4cc6eef3c9bba2fb45113d882432f version: 0.12.14

Gateway uri: http://faas.bhale.dev version: 0.20.1 sha: 7b6cc60bd9865852cd11c98d4420752815052918 commit: Fix Invocation count wrong for multiple namespace

Provider name: faas-netes orchestration: kubernetes version: 0.12.8 sha: e88c54c3854614fe02809c6931d544f74d64c6f0 Your faas-cli version (0.12.14) may be out of date. Version: 0.12.19 is now available on GitHub.

Next steps

You may join Slack for community support.

bhale commented 3 years ago

I still think it would be helpful to allow for a JavaScript app hosted on a different TLD to access the functions in OpenFaas, however I did some more work today and managed to package my NextJS app in a way that it could be run along side my other functions with a FunctionsIngress. That is a good feature - I plan to write a template for NextJS and blog post on what I did soon.