Novu 12mo ago
dr.really

CORS issue

Trying to get things stood up in AWS, however I'm running into a CORS issue. I have the API running at https://novu.mydomain.com, and the web variant running at https://web-novu.internal.com. I have set the FRONT_BASE_URL environment to https://web-novu.internal.com/ and my NODE_ENV is production as per other CORS issues I found before creating this post. When I navigate to the login screen and attempt to log in, I get the CORS preflight error.
Access to XMLHttpRequest at 'https://novu.mydomain.com/v1/auth/login' from origin 'https://web-novu.internal.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Currently running v0.15.0
28 Replies
Pawan Jain 12mo ago
Thanks for the detailed information in the issue. We will look into this.
dr.really 12mo ago
Any update or ETA on a resolution? Or should we just pull back the version to 0.13? @Support
Pawan Jain 12mo ago
Hi @dr.really. Unfortunately, sorry, I can't give you an ETA for this. I would highly appreciate it if someone from the community can fix this. Until then you can switch back to the previous version.
dr.really 12mo ago
This is a pretty large breaking change for the latest version. I feel like this should take a priority to fix.
-- 12mo ago
Can you confirm that this error was not happening for you in v0.13, deploying in the same way as it is now? Also, how are you deploying the project to AWS: k8s, docker, manual deployments? Unfortunately we have experienced that most of the CORS problems are coming from misconfigurations by the users. 😕 We can't review individual configurations and deployments as it is out of our scope from the community solutions for self hosting, but we try our best to provide tips and potential solutions with the info provided.
dr.really 12mo ago
Morning @pablo.fernandez.otero, I'm updating the task def now and will let you know shortly about v0.13. For more context, I am deploying on AWS EC2 Fargate. I did put my task definition in the issue linked above; I can drop it here if you'd like. @pablo.fernandez.otero quick question: the API, does it get its CORS option from the FRONT_BASE_URL environment variable?
-- 12mo ago
Yes, that's right. It validates against that environment variable.
dr.really 12mo ago
Apologies, follow-up question. This is the error that I'm getting: No 'Access-Control-Allow-Origin' header is present on the requested resource. When I attempt to log in via the UI it throws that. If I log in through the API directly via Postman it works. Is there an additional environment variable I need to set for the UI?
-- 12mo ago
Could you show the cURL or request sent? As I mentioned before, most of the CORS problems are coming from misconfigurations. Also, calls from Postman are not browser calls (Postman is like a Backend to Backend call). CORS is a policy enabled by browsers. So that's the reason why in Postman it works.
-- 12mo ago
Another tip I can advise is to debug here https://github.com/novuhq/novu/blob/4b71ba025c44a422f6640da3a371a5fdb6470e2d/apps/api/src/bootstrap.ts#L149 what are the values set for the CORS policies, by debugging the values of corsOptions and comparing them to the configured values in the environment variables and the values provided in the requests from the Web app.
dr.really 12mo ago
Will do! I'm also reaching out to our cloud engineers to ensure that AWS WAF isn't doing something strange with the request.
-- 12mo ago
That's an important point. If you have set up a firewall and it is blocking every request by default (it would make sense from a security point of view), that might be affecting it. Also any kind of service that can redirect the calls might be stripping out the headers from the call or modifying them, in case you have a complex setup.
dr.really 12mo ago
Alright, I just confirmed that if you change the NODE_ENV to test it works. I was able to log in with no CORS issue. That was on v0.14, trying 0.15 (no changes made to the firewall).
-- 12mo ago
That's a cheat and it is not recommended for production use.
dr.really 12mo ago
It's the only way that's working.
-- 12mo ago
I can only advise that we, Novu, don't recommend that as a production solution because of the security implications that disabling CORS implies.
dr.really 12mo ago
Totally understandable. I'm trying different configurations to see which ones work, that's all 🙂 With the front base URL, is it the full URL with https:// or just the novu.mydomain.com?
dr.really 12mo ago
Also, strangely, v0.15 isn't picking up the REDIS_HOST env either.
-- 12mo ago
This issue is caused by this: https://github.com/novuhq/novu/issues/3594#issuecomment-1592791709 Basically, I guess you are setting NODE_ENV as dev right now. We have the configuration set for our needs, as we would expect people to set NODE_ENV as prod for their environment, because we expect them to use a final version for all environments and not modify the code.
dr.really 12mo ago
Ah, that makes sense. Apologies if I'm being annoying with all of this. Just trying to figure it out, that's all 🙂
-- 12mo ago
The requests are always made with the protocol, so I suggest adding it. I am not sure if they would ever work without the protocol (the CORS), so I would go with the safe bet of adding it. Also check the protocol is the same as the one enabled. No worries, happy to help. But as I mentioned before, we don't give support for self hosted solutions, though we try our best to point out potential solutions.
dr.really 12mo ago
I finally figured out what was going on. First, AWS WAF was stripping the initial origin header, giving it instead the origin header of the application load balancer. Once I got the cloud engineers to get that stopped it started working properly and we successfully have v0.14 up and running! One last question: we have IN_MEMORY_CLUSTER_MODE_ENABLED set to false, but for some reason the API keeps saying that inMemory is down, but this is only on 0.15. The 0.15 variant of the Web Socket and Worker services are running fine, just the API. Do we need to set another variable?
-- 12mo ago
No, it is what I mentioned in the previous message: https://discord.com/channels/895029566685462578/1119075100394786956/1120347592702820373 You need to set NODE_ENV to production even in your non-production environments. If you set it to dev, the .env.development config is set for our needs, and there we are testing a Redis Cluster for usage for the Cache system. If you have set NODE_ENV to production, let us know your config as there might be any problem happening.
-- 12mo ago
@Sinan could you please reopen the support post you had open and we can discuss it there? I'd rather not have mixed conversations in this support post so it can be a good read for other users. 🙏