8000 Question: what about CORS ? · Issue #69 · wekan/wekan-snap · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Question: what about CORS ? #69

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
loic74 opened this issue Nov 21, 2018 · 12 comments
Closed

Question: what about CORS ? #69

loic74 opened this issue Nov 21, 2018 · 12 comments

Comments

@loic74
Copy link
loic74 commented Nov 21, 2018

How to enable Cross Origin Resource Sharing on snap version ?

I get this error message when I try to add a card via the API:
Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Thanks ;-)
xet7 added a commit to wekan/wekan that referenced this issue Dec 3, 2018
@xet7
- Add CORS https://enable-cors.org/server_meteor.html
b75fafc 
- Add missing LDAP and TIMER environment variables.

Thanks to xet7 !

Closes wekan/wekan-snap#69
@loic74
Copy link
Author
loic74 commented Dec 4, 2018

Thank you for this feature. Unfortunately, this still doesn't work for me with 1.80 version, after a sudo snap set wekan cors='*'...
Access to XMLHttpRequest at **** from origin **** has been blocked by CORS policy: Request header field Authorization is not allowed by Access **** Control-Allow-Headers in preflight response.

@xet7 xet7 reopened this Dec 4, 2018
@xet7
Copy link
Member
xet7 commented Dec 4, 2018

snap config has extra commas , so I will remove them, maybe cors will work after that in next Wekan release.

xet7 added a commit to wekan/wekan that referenced this issue Dec 4, 2018
@xet7
- Remove extra commas , and add missing backslash \.
bfca182 
  Maybe after that login, logout and CORS works.

Thanks to xet7 !

Related #2045,
related wekan/wekan-snap#69
xet7 added a commit to wekan/wekan that referenced this issue Dec 4, 2018
@xet7
- Remove extra commas , and add missing backslash \.
b5ccf7a 
  Maybe after that login, logout and CORS works.

Thanks to xet7 !

Related #2045,
related wekan/wekan-snap#69
@xet7
Copy link
Member
xet7 commented Dec 4, 2018

@loic74

Please test Wekan v1.81 is this now fixed ?

@xet7
Copy link
Member
xet7 commented Dec 5, 2018

@loic74

Please test Wekan v1.82 , is this now fixed ?

@loic74
Copy link
Author
loic74 commented Dec 5, 2018
edited
Loading

Same error with 1.82.
Request header field Authorization is not allowed by Access-Control- 8000 Allow-Headers in preflight response.

Here is my code:

var params = {
"title": "test",
"description": "add a card",
"authorId": "HBzQr4mCvpgjMYbzv",
"swimlaneId": "FyRMVhQ4YnntiPxXP"
};

var xhr = new XMLHttpRequest();
xhr.open("POST", url);
xhr.setRequestHeader('Authorization', 'Bearer ' + 'xxx...');
xhr.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
xhr.send(JSON.stringify(params));

@xet7
Copy link
Member
xet7 commented Dec 5, 2018

@loic74

With curl I see that * header is in wekan. Did you login to API first first to get valid bearer key, before doing API request?

For complete example, see https://github.com/wekan/wekan-gogs

@xet7
Copy link
Member
xet7 commented Dec 5, 2018

Login needs to be made with username and password of admin that has access to Admin Panel.

@loic74
Copy link
Author
loic74 commented Dec 5, 2018

With curl I see that * header is in wekan. Did you login to API first first to get valid bearer key, before doing API request?

Not in the same script, but I use a valid token (generated via Postman) for testing. Moreover, by using the same token via Postman, card creation works fine.

Login needs to be made with username and password of admin that has access to Admin Panel.

Yes, I use admin credentials.

@xet7
Copy link
Member
xet7 commented Dec 5, 2018

Please give more descriptive details what is the problem.

@loic74
Copy link
Author
loic74 commented Dec 5, 2018

Thank you for your help. Finally, I changed my method. Instead of executing the code client-side , I use a php page that executes the code server-side. It works fine.

@loic74 loic74 closed this as completed Dec 5, 2018
@erezsdev
Copy link
erezsdev commented Jun 5, 2020

Is there any fix for this? I am using the latest version and still setting cors='*' not working, which makes the API useless if not using from the same host.

Access to XMLHttpRequest at 'http://****:3001/users/login' from origin 'http://localhost:4200' has been blocked by CORS policy: Request header field content-type is not allowed by Access-Control-Allow-Headers in preflight response.

@xet7
Copy link
Member
xet7 commented Jun 5, 2020

@erezsdev

Yes, see wekan/wekan#2429 that is already in Wekan

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@xet7 @loic74 @erezsdev
0