Closed bradleySuira closed 6 years ago
@bradleySuira the CORS codes was moved to https://github.com/vechain/thor/commit/881778535a8b31eada1c30d95daefb5b5250eb4c#diff-604f4192deea5adf9c159e5f88f64630R71
I just tried to test with curl: start thor with
thor -network test -api-cors 'http://example.com'
Starting Thor/v1.0.2-41b0c69-release/darwin/go1.10.4
...
access with curl
curl -H "Origin: http://example.com" --verbose http://localhost:8669/blocks/0
and it outputs
* Trying 127.0.0.1...
...
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: http://example.com
...
which shows CORS is working.
Hi @qianbin thanks a lot for your response, but the behaviour in the browser is different vs CURL:
If CORS is ok we should receive in the response, the header Access-Control-Allow-Origin: xxxxx, if not, in the browser we get an error.
curl -H "Origin: http://slots.dbet.local:3007" -H "Host:slots.dbet.local" --verbose http://localhost:8669/blocks/0
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8669 (#0)
> GET /blocks/0 HTTP/1.1
> Host:slots.dbet.local
> User-Agent: curl/7.54.0
> Accept: */*
> Origin: http://slots.dbet.local:3007
No Access-Control-Allow-Origin: http://slots.dbet.local:3007 here
< HTTP/1.1 200 OK
< Content-Type: application/json; charset=utf-8
< X-Genesis-Id: 0x000000003a3e7437634e9ab026cd279a88a8f086c2f332421d424668ac976bc7
< Date: Mon, 03 Sep 2018 17:08:19 GMT
< Content-Length: 637
<
* Connection #0 to host localhost left intact
{"number":0,"id":"0x000000003a3e7437634e9ab026cd279a88a8f086c2f332421d424668ac976bc7","size":170,"parentID":"0xffffffff00000000000000000000000000000000000000000000000000000000","timestamp":1526400000,"gasLimit":10000000,"beneficiary":"0x0000000000000000000000000000000000000000","gasUsed":0,"totalScore":0,"txsRoot":"0x45b0cfc220ceec5b7c1c62c4d4193d38e4eba48e8815729ce75f9c0ab0e4c1c0","stateRoot":"0xaed7d0fab0bc7c920f7e74c5eb8c1919129130c323ffa52182574ff196b89901","receiptsRoot":"0x45b0cfc220ceec5b7c1c62c4d4193d38e4eba48e8815729ce75f9c0ab0e4c1c0","signer":"0x0000000000000000000000000000000000000000","isTrunk":true,"transactions":[]}%
@bradleySuira so the node was started with -api-cors 'http://slots.dbet.local:3007'
?
@bradleySuira I started the thor using docker with folllowing command
docker run -it -p 127.0.0.1:8669:8669 -p 11235:11235 -p 11235:11235/udp vechain/thor --network test --api-addr :8669 --api-cors "http://slots.dbet.local:3007"
# Starting Thor/v1.0.2-41b0c69-release/linux/go1.10.4
And I tried test using curl, it works for me
curl -H "Origin: http://slots.dbet.local:3007" --verbose http://localhost:8669/blocks/0
* Trying ::1...
* TCP_NODELAY set
* Connected to localhost (::1) port 8669 (#0)
> GET /blocks/0 HTTP/1.1
> Host: localhost:8669
> User-Agent: curl/7.54.0
> Accept: */*
> Origin: http://slots.dbet.local:3007
>
< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: http://slots.dbet.local:3007
< Content-Type: application/json; charset=utf-8
< X-Genesis-Id: 0x000000000b2bce3c70bc649a02749e8687721b09ed2e15997f466536b20bb127
< Date: Tue, 04 Sep 2018 03:02:22 GMT
< Content-Length: 637
<
* Connection #0 to host localhost left intact
{"number":0,"id":"0x000000000b2bce3c70bc649a02749e8687721b09ed2e15997f466536b20bb127","size":170,"parentID":"0xffffffff00000000000000000000000000000000000000000000000000000000","timestamp":1530014400,"gasLimit":10000000,"beneficiary":"0x0000000000000000000000000000000000000000","gasUsed":0,"totalScore":0,"txsRoot":"0x45b0cfc220ceec5b7c1c62c4d4193d38e4eba48e8815729ce75f9c0ab0e4c1c0","stateRoot":"0x4ec3af0acbad1ae467ad569337d2fe8576fe303928d35b8cdd91de47e9ac84bb","receiptsRoot":"0x45b0cfc220ceec5b7c1c62c4d4193d38e4eba48e8815729ce75f9c0ab0e4c1c0","signer":"0x0000000000000000000000000000000000000000","isTrunk":true,"transactions":[]}%
@qianbin yes with -api-cors 'http://slots.dbet.local:3007'
.
Thanks @libotony, I think that I figure out whats the problem, It is related to docker-compose, for example, you can have issues with CORS, If you run:
docker run -it -p 8669:8669 -p 11235:11235 -p 11235:11235/udp vechain/thor --network test --api-addr :8669 --api-cors "http://slots.dbet.local:3007"
The difference is without the ip:port 127.0.0.1: 8669:8669, it's equivalent to our docker-compose, where the ip/port binding I think is not translated correctly, this is an example from docker-compose, as you can see, I tried to do the same ("127.0.0.1:8669:8669"), like you on command line docker run -it -p 127.0.0.1:8669:8669...
thor:
image: vechain/thor:latest
container_name: "thor-node"
ports:
- "127.0.0.1:8669:8669"
- "11235:11235"
- "11235:11235/udp"
command: --network test --api-addr 0.0.0.0:8669 --api-cors "http://localhost:3007, http://dbet.slots.local:3007"
volumes:
- ./data/.org.vechain.thor:/root/.org.vechain.thor
Thanks for your patience and all your help guys!, and sorry for the confusion. We need to figure out how to deal with this blocker with compose/kubernetes
I don't think it's a CORS problem. This is because the loopback address is bound by default. If you are using docker for mac, you need to add the --api-addr parameter when starting. I hope the official can indicate it in the documentation. @libotony
@libotony sorry, I didn't notice this detail before. This is my mistake
Hi there, the cors for the v1.0.2. is broken
OS Version:
Linux/OSX
Container
Commit hash
(I think that the problem it does look like this line): (https://github.com/vechain/thor/commit/881778535a8b31eada1c30d95daefb5b5250eb4c#diff-9451fba7d1d3546d6cea4605d78979f0L268)
Expected behavior
Allow requests from urls passed in --api-cors option.
Actual behavior
Get the error: Failed to load http://yourdomain:8669/blocks/0: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://yourdomain:PORT' is therefore not allowed access.
Steps to reproduce the behavior