CORS failure about falcon-cors HOT 6 CLOSED

lwcolton commented on September 26, 2024

CORS failure

from falcon-cors.

Comments (6)

lwcolton commented on September 26, 2024

Sorry to hear about this, I'll take a look today when I'm off work and help you get it sorted out.

…

On Dec 19, 2017 10:14 AM, "Steven Gantz" ***@***.***> wrote: Any usage breaks the entire API. I have the following setup falcon==1.3.0 falcon-cors==1.1.7 gunicorn==19.7.1 json-logging-py==0.2 I am able to specify the "allow_origins_list" for localhost, but when I attempt to use a VM, the IP address is not constant and is sometimes different when accessed outside the corporate network. If I attempt to add the allow_all_origins header into the CORS call, the app is unresponsive and will not accept any connections. The same thing occurs if I try to place a wildcard into the allow_origins_list. I also cannot place the cors=public_cors call within any of my Resource objects. If I add a cors variable that links to the CORS() call at all, I can't make a connection to any of the Resource objects. Even if the IPs are listed in the allow_origins_list. Here are the needed excerpts of code: ` """ Falcon CORS for external testing and external access """ from falcon_cors import CORS ... public_cors = CORS(allow_origins_list=['http://localhost:3000'], allow_all_headers=True, allow_all_methods=True) ... class AuthDataResource: """ Falcon Authentication Resource """ *This is where if I try to add cors=public_cors I cannot access this or any other resource* def on_get(self, req, res): """ Handle incoming GET requests, return relevant info """ json = { 'version': VERSION, 'status': falcon.HTTP_200 } logger.info(req) res.media = json res.status = falcon.HTTP_200 logger.info(res) ... Falcon Application Instantiation with cors middleware API = application = falcon.API(middleware=[cors.middleware]) API.add_route('/api/v1/version', AuthDataResource()) API.add_route('/api/v1/auth', APIAuthenticationResource()) API.add_route('/api/v1/ui/auth', BasicAuthenticationResource()) API.add_route('/api/v1/auth/getToken', GetTokenAuthenticationResource()) ` I'm just really lost and the documentation or issues don't not anything like this. I'm building out a pretty decent sized API and I love using falcon, but this is a huge hang-up so far. — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#8>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABWuLhZFpjd_Cj_9CBBMpkLJ3ouTnYxxks5tB-D8gaJpZM4RHMy-> .

from falcon-cors.

StevenPG commented on September 26, 2024

Thanks @lwcolton , I've recreated the issue with other services as well.

from falcon-cors.

lwcolton commented on September 26, 2024

Can you use cURL or a similar http client to hit your endpoint outside of the browser, with CORS enabled, and see what happens? On Dec 19, 2017 12:40 PM, "Steven Gantz" <[email protected]> wrote: Thanks @lwcolton <https://github.com/lwcolton> , I've recreated the issue with other services as well. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#8 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABWuLhUIxn41H8RRwZR6qHK6M_YdHbxfks5tCAMmgaJpZM4RHMy-> .

from falcon-cors.

StevenPG commented on September 26, 2024

Sorry for the delay, with CORS enabled, everything works for Postman, but fails from cURL and my ReactJS application. With Falcon_cors implemented, the same thing occurs. The failure is "Request header field Content-Type is not allowed by Access-Control-Allow-Headers in preflight response."

The other one is the typical CORS one, URL not allowed due to origin.

Another team member ran their changes through our full CI/CD suite so I'm reverting some stuff in a test environment. It's always working from Postman and a web browser though.

Edit: It is working fine through cURL and Postman now that everything is back to how it was with falcon_cors setup. Still getting Content Type issue and origin errors from ReactJs App.

from falcon-cors.

StevenPG commented on September 26, 2024

Ok I have to apologize, I think I misread your readthedocs page...

I've gotten it working, and I had to include the single whitelisted URL.

This is the winning configuration:
cors = CORS(allow_origins_list=['http://localhost:3000'])
api = falcon.API(middleware=[cors.middleware])
public_cors = CORS(allow_all_origins=True, allow_all_methods=True, allow_all_headers=True)

When I remove localhost:3000 (which isn't where I'm hitting it from), then Content-Type issue appears and if I try to specify any specific headers, methods, or origins I seem to run into problems.

I even tried copying the request methods and headers into the response.

Thank you for building this library, sorry to waste some time!!

from falcon-cors.

lwcolton commented on September 26, 2024

No worries let me know if you still have issues happy to help even if it doesn't end up being a bug in falcon-cors

…

On Dec 19, 2017 1:14 PM, "Steven Gantz" ***@***.***> wrote: Closed #8 <#8>. — You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub <#8 (comment)>, or mute the thread <https://github.com/notifications/unsubscribe-auth/ABWuLiPbE_PDkjWpnhuGidKoeq8-WEX0ks5tCAsXgaJpZM4RHMy-> .

from falcon-cors.

CORS failure about falcon-cors HOT 6 CLOSED

Comments (6)

Related Issues (13)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent