CORS with header sendback #55

Open
tommyjcarpenter opened this issue Sep 26, 2016 · 10 comments

@tommyjcarpenter

tommyjcarpenter commented Sep 26, 2016

I have followed this: #33

This correctly returns the origin.

However, how do you enable CORS support that depends on the Port too? I.e., how do you configure Leptus to return the header Access-Control-Allow-Origin: *? We have another service making ajax calls that is expecting that header, which seems to fail when only origin is returned without a port.

@gordonwoodhull

In particular, if the origin contains a port specification (e.g. origin: http://example.com:8000), then we get a 500 Internal Server Error in response.

@sinasamavati
Owner

In case you haven't seen the doc: https://github.com/s1n4/leptus/blob/master/docs/callbacks.org#cross_domains3

Could you pass '_' as the value of HostMatch, and then give me some logs if there are any?

Like this:

cross_domains(_Route, _Req, State) ->
    {['_'], State}.

@sinasamavati
Owner

Aha.
I need logs from your Erlang console. Could you provide Leptus logs?

@sinasamavati
Owner

cross_domains(_Route, Req, State) -> {[""], State}.

That should be the atom '_' not the string.

@tommyjcarpenter
Author

OK running with:

cross_domains(_Route, _Req, State) -> {['_'], State}.

Here is a curl that does not specify a port:

curl -H "Origin: http://mydomain.com" --verbose http://135.207.127.211:7777/application/                                                                Mon Sep 26 11:20:03 2016
*   Trying 135.207.127.211...
* Connected to 135.207.127.211 (135.207.127.211) port 7777 (#0)
> GET /application/ HTTP/1.1
> Host: 135.207.127.211:7777
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://mydomain.com
>
< HTTP/1.1 200 OK
< connection: keep-alive
< server: Cowboy
< date: Mon, 26 Sep 2016 15:19:42 GMT
< content-length: 2
< content-type: application/json
< access-control-allow-origin: http://mydomain.com
<
* Connection #0 to host 135.207.127.211 left intact

This works as intended and shows the header access-control-allow-origin: http://mydomain.com.

But when we do:

curl -H "Origin: http://mydomain.com:8000" --verbose http://135.207.127.211:7777/application/
*   Trying 135.207.127.211...
* Connected to 135.207.127.211 (135.207.127.211) port 7777 (#0)
> GET /application/ HTTP/1.1
> Host: 135.207.127.211:7777
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://mydomain.com:8000
>
< HTTP/1.1 500 Internal Server Error
< connection: keep-alive
< server: Cowboy
< date: Mon, 26 Sep 2016 15:20:23 GMT
< content-length: 0
<
* Connection #0 to host 135.207.127.211 left intact

it blows up

@tommyjcarpenter
Author

Right now this is a REST service exposed to clients, so I will have to make some code changes to allow logs to penetrate through. Right now there are no logs that would be useful to you.

@tommyjcarpenter
Author

Maybe this is a Cowboy issue, because it is blowing up but I don't see any Leptus logs.

Code:

get("/application", Req, State) ->
        erlang:display(gottohere),
        {200, {json, []}, State};

Working one without port:

curl -H "Origin: http://mydomain.com" --verbose http://135.207.127.211:7777/application/
*   Trying 135.207.127.211...
* Connected to 135.207.127.211 (135.207.127.211) port 7777 (#0)
> GET /application/ HTTP/1.1
> Host: 135.207.127.211:7777
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://mydomain.com
>
< HTTP/1.1 200 OK
< connection: keep-alive
< server: Cowboy
< date: Mon, 26 Sep 2016 15:29:06 GMT
< content-length: 2
< content-type: application/json
< access-control-allow-origin: http://mydomain.com
<
* Connection #0 to host 135.207.127.211 left intact

Erlang console displays

gottohere

One with port that blows up:

curl -H "Origin: http://mydomain.com:8000" --verbose http://135.207.127.211:7777/application/
*   Trying 135.207.127.211...
* Connected to 135.207.127.211 (135.207.127.211) port 7777 (#0)
> GET /application/ HTTP/1.1
> Host: 135.207.127.211:7777
> User-Agent: curl/7.43.0
> Accept: */*
> Origin: http://mydomain.com:8000
>
< HTTP/1.1 500 Internal Server Error
< connection: keep-alive
< server: Cowboy
< date: Mon, 26 Sep 2016 15:29:41 GMT
< content-length: 0
<
* Connection #0 to host 135.207.127.211 left intact

Erlang console displays

gottohere

@tommyjcarpenter
Author

tommyjcarpenter commented Sep 26, 2016

Is cowboy's set_resp_header exposed in Leptus?

E.g., other people have solved this by directly setting headers like:

options(Req0, State) ->
  %% Thread each updated request through to the next call and return the last one.
  Req1 = cowboy_req:set_resp_header(<<"access-control-max-age">>, <<"1728000">>, Req0),
  Req2 = cowboy_req:set_resp_header(<<"access-control-allow-methods">>, <<"HEAD, GET, POST">>, Req1),
  Req3 = cowboy_req:set_resp_header(<<"access-control-allow-headers">>, <<"content-type, authorization">>, Req2),
  Req4 = cowboy_req:set_resp_header(<<"access-control-allow-origin">>, <<$*>>, Req3),
  {ok, Req4, State}.

from: ninenines/cowboy#947
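
An added example, not part of the original thread and not Leptus or Cowboy code: one way to choose the access-control-allow-origin value when the Origin carries a port, by parsing it and comparing scheme, host and port against an allowlist instead of answering `*`. The module name, function names and allowlist entries are hypothetical, and it assumes OTP 21 or later for `uri_string`.

```erlang
%% Added example: not Leptus or Cowboy code. Names are hypothetical.
-module(cors_origin).
-export([allow_origin/2, demo/0]).

%% A rule is {Scheme, Host, Port}; Port may be the atom any.
-type rule() :: {binary(), binary(), inet:port_number() | any}.

%% Returns {ok, Origin} (the value to echo back) or deny.
-spec allow_origin(binary(), [rule()]) -> {ok, binary()} | deny.
allow_origin(Origin, Rules) ->
    case uri_string:parse(Origin) of
        #{scheme := S0, host := H0, path := <<>>} = Parsed when H0 =/= <<>> ->
            Scheme = string:lowercase(S0),
            Host = string:lowercase(H0),
            %% A missing port means the scheme default, so that
            %% http://mydomain.com and http://mydomain.com:80 compare equal.
            Port = maps:get(port, Parsed, default_port(Scheme)),
            case lists:any(fun(R) -> matches(R, {Scheme, Host, Port}) end, Rules) of
                true -> {ok, Origin};
                false -> deny
            end;
        _ ->
            %% "null", values with a path, and parse errors are refused.
            deny
    end.

default_port(<<"http">>) -> 80;
default_port(<<"https">>) -> 443;
default_port(_) -> undefined.

matches({S, H, any}, {S, H, _}) -> true;
matches({S, H, P}, {S, H, P}) -> true;
matches(_, _) -> false.

%% Constructed sample origins, including the two from the curl runs above.
demo() ->
    Rules = [{<<"http">>, <<"mydomain.com">>, 80},
             {<<"http">>, <<"mydomain.com">>, 8000}],
    [{O, allow_origin(O, Rules)}
     || O <- [<<"http://mydomain.com">>,
              <<"http://mydomain.com:8000">>,
              <<"http://mydomain.com:9000">>,
              <<"https://mydomain.com">>,
              <<"null">>]].
```

When the response echoes a specific origin rather than `*`, it should also carry `vary: origin` so that caches do not serve one origin's response to another.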

@tommyjcarpenter
Author

tommyjcarpenter commented Sep 26, 2016

Someone forked Leptus and the first two commits I see are titled "fixed cors origin port issue" and "added new cors headers": https://git.teknorota.com/yekmyk/leptus

Not sure if that yields any hints..

@lukyanov

The same issue here. @sinasamavati do you have thoughts on this?
