orchestracities / ngsi-timeseries-api

QuantumLeap: a FIWARE Generic Enabler to support the usage of NGSIv2 (and NGSI-LD experimentally) data in time-series databases
https://quantumleap.rtfd.io/
MIT License
38 stars 49 forks source link

How to manage CORS to consume data from QuantumLeap API #135

Open jcheca opened 5 years ago

jcheca commented 5 years ago

How disable CORS policy to consume data from QuantumLeap API.

chicco785 commented 5 years ago

Can you provide more information on your configuration to reproduce correctly the issue? Thanks

chicco785 commented 5 years ago

@jcheca any chance you can help us to reproduce the issue?

jcheca commented 5 years ago

Did you receive the detailed email I sent you ?, do you need more info ?

-- José Checa Claudel Universidad de Córdoba :: Campus Agroalimentario de Rabanales Edificio Ramón y Cajal :: Servicio de Informática-Sistemas 14071 - Córdoba

Tlfno: +34-(9)57-211041 - Fax: +34-(9)57-218116 e-mail: jcheca@uco.es mailto:jcheca@uco.es

El 25 ene 2019, a las 13:24, Federico M. Facca notifications@github.com escribió:

@jcheca https://github.com/jcheca any chance you can help us to reproduce the issue?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/smartsdk/ngsi-timeseries-api/issues/135#issuecomment-457557268, or mute the thread https://github.com/notifications/unsubscribe-auth/AGP65Fb8JczkjXoeoSFcz8t2Atdfk5QJks5vGvePgaJpZM4Z_3ch.

chicco785 commented 5 years ago

I did not :(

On Fri, 25 Jan 2019 at 13:36, José Checa Claudel notifications@github.com wrote:

Did you receive the detailed email I sent you ?, do you need more info ?

-- José Checa Claudel Universidad de Córdoba :: Campus Agroalimentario de Rabanales Edificio Ramón y Cajal :: Servicio de Informática-Sistemas 14071 - Córdoba

Tlfno: +34-(9)57-211041 - Fax: +34-(9)57-218116 e-mail: jcheca@uco.es mailto:jcheca@uco.es

El 25 ene 2019, a las 13:24, Federico M. Facca notifications@github.com escribió:

@jcheca https://github.com/jcheca any chance you can help us to reproduce the issue?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub < https://github.com/smartsdk/ngsi-timeseries-api/issues/135#issuecomment-457557268>, or mute the thread < https://github.com/notifications/unsubscribe-auth/AGP65Fb8JczkjXoeoSFcz8t2Atdfk5QJks5vGvePgaJpZM4Z_3ch .

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/smartsdk/ngsi-timeseries-api/issues/135#issuecomment-457559910, or mute the thread https://github.com/notifications/unsubscribe-auth/AAvcAsxVmdTTtZiamw9ZfTrQuvHIHOqFks5vGvovgaJpZM4Z_3ch .

-- Dr. FEDERICO MICHELE FACCA CTO, Head of Martel Lab +41 788075838 MARTEL INNOVATE https://www.martel-innovate.com/ - INNOVATION, WE MAKE IT HAPPEN Click HERE to download Martel reports and white papers! https://www.martel-innovate.com/premium-content/ Follow us on TWITTER https://twitter.com/Martel_Innovate

jcheca commented 5 years ago

Transcribe again:

Thank you very much for your offer and quick response. I'm using a stack based on Docker, composed of Orion Context Broker, Mongo, Lora IoTAgent, UL IotAgent, QuantumLeap and crateDB deployed on a server. With this I have not had any problem, the cycle of the historical based on the subscriptions works correctly, I have been able to verify consuming the data from localhost with Grafana.

In principle I have the ports open to be accessible. On the other hand, in another team I am developing an application with Angular that consumes the data from the previous stack, Orion Context through 1026 port and QuatumLeap throught 8660 port.

I can access the context server from the Angular application, since the context server handles CORS through its execution with:

command: -dbhost ucoiot-mongo -corsOrigin __ALL -port 1026 -logLevel DEBUG

Also to the API of crateDB because, also in its initialization it can be configured with:

command: -Chttp.cors.enabled = true -Chttp.cors.allow-origin = "*" But it is not possible for QuantumLeap when I am outside from localhost. When I try to access by making a request from Angular (in the Angular development model, it deploys its own server through port 4200) to the server and port of QuantumLeap to consume data, an error appears in the browser that is missing from the CORS 'Access-header. Control-Allow-Origin ', and therefore does not let me consume anything.

I have made a fork of your API, to include 'flask-cors' because I have read that it was the module necessary for Flask to include this functionality, but I have not succeeded yet, I think because of the versions and dependencies. I have to keep trying.

Thank you very much for your attention.

-- José Checa Claudel Universidad de Córdoba :: Campus Agroalimentario de Rabanales Edificio Ramón y Cajal :: Servicio de Informática-Sistemas 14071 - Córdoba

Tlfno: +34-(9)57-211041 - Fax: +34-(9)57-218116 e-mail: jcheca@uco.es mailto:jcheca@uco.es

El 25 ene 2019, a las 13:40, Federico M. Facca notifications@github.com escribió:

I did not :(

On Fri, 25 Jan 2019 at 13:36, José Checa Claudel notifications@github.com wrote:

Did you receive the detailed email I sent you ?, do you need more info ?

-- José Checa Claudel Universidad de Córdoba :: Campus Agroalimentario de Rabanales Edificio Ramón y Cajal :: Servicio de Informática-Sistemas 14071 - Córdoba

Tlfno: +34-(9)57-211041 - Fax: +34-(9)57-218116 e-mail: jcheca@uco.es mailto:jcheca@uco.es

El 25 ene 2019, a las 13:24, Federico M. Facca notifications@github.com escribió:

@jcheca https://github.com/jcheca any chance you can help us to reproduce the issue?

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub < https://github.com/smartsdk/ngsi-timeseries-api/issues/135#issuecomment-457557268>, or mute the thread < https://github.com/notifications/unsubscribe-auth/AGP65Fb8JczkjXoeoSFcz8t2Atdfk5QJks5vGvePgaJpZM4Z_3ch .

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/smartsdk/ngsi-timeseries-api/issues/135#issuecomment-457559910, or mute the thread https://github.com/notifications/unsubscribe-auth/AAvcAsxVmdTTtZiamw9ZfTrQuvHIHOqFks5vGvovgaJpZM4Z_3ch .

-- Dr. FEDERICO MICHELE FACCA CTO, Head of Martel Lab +41 788075838 MARTEL INNOVATE https://www.martel-innovate.com/ - INNOVATION, WE MAKE IT HAPPEN Click HERE to download Martel reports and white papers! https://www.martel-innovate.com/premium-content/ Follow us on TWITTER https://twitter.com/Martel_Innovate — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/smartsdk/ngsi-timeseries-api/issues/135#issuecomment-457560879, or mute the thread https://github.com/notifications/unsubscribe-auth/AGP65N3hqID3C9RGbl_SY9FB8u-6Cmwsks5vGvs1gaJpZM4Z_3ch.

taliaga commented 5 years ago

Hi @jcheca, thanks for your thorough report. Did you manage to sort out the dependencies issue? Let me know if I could help you test something there.

Relying on flask-cors may be the way to go. We could even start simple with a "disabled / enable_all" policy and then move on to more advanced configurations for specific resources.

We're adding this issue in our roadmap, but I'll be happy to know how your tests went.

dnredson commented 5 years ago

Hi. I have the same problem with the CORS and I'd like to know if there is any new about that.

github-actions[bot] commented 3 years ago

Stale issue message

c0c0n3 commented 3 years ago

We should review this before closing it. Not sure we've covered all the bases...

github-actions[bot] commented 3 years ago

Stale issue message

Siedlerchr commented 3 years ago

What is the status here? It's really important to have CORS support when you are calling QL from a web-app. Currently we have to use a reverse proxy to set the proper CORS headers.

chicco785 commented 3 years ago

hi @Siedlerchr in our production set-up ql is behind an api manager, so cors and security are handled there.

this means that for us is not a priority, but hey, this is open source so happy if you contribute a pr for the issue. alternatively, if that's important and urgent for you and you don't want to code it yourself, you can sponsor it!