signalpoint / jDrupal

A JavaScript Library and API for Drupal Applications
http://jdrupal.tylerfrankenstein.com/
GNU General Public License v2.0

403 Forbidden on login from outside of drupal directory #44

Closed e2o closed 6 years ago

e2o commented 8 years ago

Hello again,

I'm encountering some issues with logging in after I moved my application outside of my drupal folder.

This structure works:

drupal
└───app
       app contents here
└───core
└───sites
└───themes
└───etc

This one doesn't:

app
└───app contents here
drupal
└───core
└───sites
└───themes
└───etc

When having my application inside my drupal installation, the following plays out when I call the login function:

[image]

And everything works, the user gets authenticated as expected. But when I call the login function while my app is located outside the drupal installation, this is what I get:

[image]

Note: I enabled the CORS module and set it up correctly, as I can fetch resources like views from outside the drupal installation. I only get my 403 forbidden when trying to authenticate from outside the drupal folder.

I don't really see an issue with permissions being set up incorrectly, as they are working when I place my app folder inside my d8 installation.

Any ideas on where I'm going wrong?

e2o commented 8 years ago

@mgoubert

signalpoint commented 8 years ago

@EnzoEghermanne What URL do you use to access the Drupal site? What URL do you use to access the web app?

I'm guessing it is a cross site request problem, i.e. they must run in the same domain, and can't operate in different domains or sub domains, unless some type of CORS policy is opened up.

e2o commented 8 years ago

The drupal site is located on http://whoiswho.drupal.dev/. The app is located on http://whoiswho-app.drupal.dev/.

They are on the same server: \\192.168.0.27/www/drupal.dev2/whoiswho/ and \\192.168.0.27/www/drupal.dev2/whoiswho-app/

So what you are saying is, that it's not possible to have the app running outside of the Drupal site?

kentr commented 8 years ago

Deleting this comment as it covers ground already covered.

signalpoint commented 8 years ago

@EnzoEghermanne I've only had success running them in the same domain in production, e.g.

\192.168.0.27/www/drupal.dev2/whoiswho/ \192.168.0.27/www/drupal.dev2/whoiswho/app

or headless:

\192.168.0.27/www/drupal.dev2/whoiswho/ \192.168.0.27/www/drupal.dev2/whoiswho/drupal

Otherwise some type of CORS and/or server configuration is the only way around it AFAIK. I also saw that with the latest version of Cordova, there is a new <meta> tag to be placed in the index.html file that allows an app to choose which domains/wildcards it would like to open up for communication, but I'm not entirely sure that is useful outside of a compiled Cordova environment (e.g. web apps).

kentr commented 8 years ago

@EnzoEghermanne Maybe the trusted_host_patterns setting?

ashzade commented 8 years ago

Any update on this? I am also getting 403 from an outside directory.

signalpoint commented 8 years ago

Is your app operating in the same domain as your Drupal website? If not, you are probably dealing with a cross origin request problem.


ashzade commented 8 years ago

It is not but I am already posting to the site (allowed anon users to post a content type to test) using these headers in my settings.php:

```php
header("Access-Control-Allow-Origin: *");
header('Access-Control-Allow-Headers: Origin, Content-Type, X-Auth-Token , Authorization, Accept-Encoding, Cache-Control');
header('Access-Control-Allow-Credentials: true');
```

I also have both domains in my trusted_host_patterns.

I noticed if I log jDrupal, the sitePath is blank. I've set it in the head of my index.html like the example in this repo. Perhaps that's the issue: I'm not actually connected to the Drupal site.

kentr commented 8 years ago

Is this with Apache? Can you access any file in that sub-directory directly via the browser?

I've been unable to access files in sub-directories before. I assumed it was due to Drupal's .htaccess file.

Kent Richards


ashzade commented 8 years ago

I ended up going a different authentication route. I could GET and POST content (on publicly accessible content) but just couldn't figure out how to authenticate. Now I use basic auth in my header. I know that in 8.2, there are supposed to be authentication endpoints.

romest commented 7 years ago

Hi,

I have the same problem on a Drupal 8.2 project.

Did you find a solution to this problem?

Romest

e2o commented 7 years ago

@romest Have you tried these new endpoints introduced in Drupal 8.2? (https://www.drupal.org/node/2720655)

Also, check out this issue: https://github.com/easystreet3/jDrupal/issues/49

vispamir commented 7 years ago

Hi,

I have the same problem on a Drupal 8.2 project and use jDrupal on another domain. I have the following settings in services.yml:

```yaml
cors.config:
  enabled: true
  # Specify allowed headers, like 'x-allowed-header'.
  allowedHeaders: ['*']
  # ['x-csrf-token','authorization','content-type','accept','origin','x-requested-with','x-allowed-header', 'x-auth-token']
  # Specify allowed request methods, specify ['*'] to allow all possible ones.
  allowedMethods: ['*']
  # Configure requests allowed from specific origins.
  allowedOrigins: ['*']
  # Sets the Access-Control-Expose-Headers header.
  exposedHeaders: false
  # Sets the Access-Control-Max-Age header.
  maxAge: 1000
  # Sets the Access-Control-Allow-Credentials header.
  supportsCredentials: true
```
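Both CORS configurations posted in this thread (the `header()` calls in settings.php and the `cors.config` block above) pair a wildcard `Access-Control-Allow-Origin` with `Access-Control-Allow-Credentials: true`. A browser refuses that combination for any request that carries credentials, which includes a cookie-based session login, so such a request is blocked before Drupal's permissions ever come into play. What follows is an added example, not jDrupal's or Drupal's own code: a simplified JavaScript model of a CORS middleware driven by the same policy keys, beside the browser-side checks from the Fetch standard, run against a constructed JSON login request. The hostnames are the ones from the thread; the request headers, the hardened allow-list policy, and the function names are assumptions for illustration, and the server model is deliberately naive (it emits what the policy literally says) rather than a reproduction of how Drupal's CORS middleware behaves.

```javascript
// Added example, not code from jDrupal or Drupal: a small model of a
// server-side CORS policy (keys mirror Drupal's cors.config block) and of
// the browser-side checks that decide whether a cross-origin request that
// carries credentials, such as a cookie-based login, is allowed through.

// Policy as posted in the thread: wildcard origin together with credentials.
const wildcardPolicy = {
  allowedOrigins: ["*"],
  allowedHeaders: ["*"],
  allowedMethods: ["*"],
  supportsCredentials: true,
};

// Hardened policy (assumed, for illustration): explicit origin allow-list
// and explicit headers/methods. The origin is the app hostname from the thread.
const allowListPolicy = {
  allowedOrigins: ["http://whoiswho-app.drupal.dev"],
  allowedHeaders: ["content-type", "x-csrf-token"],
  allowedMethods: ["GET", "POST"],
  supportsCredentials: true,
};

// Server side: headers a naive middleware emits straight from the policy.
// Returns null when the Origin is not allowed (no CORS headers at all).
function serverCorsHeaders(policy, request) {
  const wildcard = policy.allowedOrigins.includes("*");
  if (!wildcard && !policy.allowedOrigins.includes(request.origin)) return null;
  const headers = {};
  if (wildcard) {
    headers["access-control-allow-origin"] = "*";
  } else {
    // Echo the concrete origin and tell shared caches the answer depends on it.
    headers["access-control-allow-origin"] = request.origin;
    headers["vary"] = "Origin";
  }
  if (policy.supportsCredentials) headers["access-control-allow-credentials"] = "true";
  if (request.preflight) {
    headers["access-control-allow-methods"] = policy.allowedMethods.join(", ");
    headers["access-control-allow-headers"] = policy.allowedHeaders.join(", ");
  }
  return headers;
}

// Browser side: the Fetch-standard checks applied to the response headers.
// Returns "ok" when the request is permitted, otherwise a short reason.
function browserDecision(policy, request) {
  const headers = serverCorsHeaders(policy, request);
  if (headers === null) return "blocked: origin not allowed";
  const allowOrigin = headers["access-control-allow-origin"];
  if (request.withCredentials) {
    // With credentials the browser rejects a literal "*" and requires
    // Access-Control-Allow-Credentials: true.
    if (allowOrigin === "*") return "blocked: wildcard origin with credentials";
    if (headers["access-control-allow-credentials"] !== "true") return "blocked: credentials not allowed";
  }
  if (allowOrigin !== "*" && allowOrigin !== request.origin) return "blocked: origin mismatch";
  if (request.preflight) {
    // "*" in the methods/headers lists only acts as a wildcard for requests
    // without credentials; for credentialed ones it is a literal token.
    const starCovers = !request.withCredentials;
    const methods = headers["access-control-allow-methods"].split(", ");
    if (!(starCovers && methods.includes("*")) && !methods.includes(request.method)) {
      return "blocked: method not allowed";
    }
    const allowed = headers["access-control-allow-headers"].split(", ").map((h) => h.toLowerCase());
    for (const h of request.requestHeaders) {
      if (!(starCovers && allowed.includes("*")) && !allowed.includes(h.toLowerCase())) {
        return `blocked: header ${h} not allowed`;
      }
    }
  }
  return "ok";
}

// Constructed sample: a JSON login POST as a browser app might send it,
// which needs a preflight because of its Content-Type and carries cookies.
const loginRequest = {
  origin: "http://whoiswho-app.drupal.dev",
  method: "POST",
  preflight: true,
  requestHeaders: ["Content-Type", "X-CSRF-Token"],
  withCredentials: true,
};

// Demonstration when run directly with node.
console.log("wildcard policy:  ", browserDecision(wildcardPolicy, loginRequest));
console.log("allow-list policy:", browserDecision(allowListPolicy, loginRequest));
```

Run it with `node`; swapping `wildcardPolicy` for `allowListPolicy` is what turns the credentialed login from blocked to allowed, while a request from an origin not on the list still gets no CORS headers at all. The `Vary: Origin` header matters once origins are echoed, because it stops a shared cache from replaying one origin's allowed response to a different origin.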