CORS issue for curling / requesting OGB script functions
I am trying to request the authenticate_user function, it is public. Here is the code:
33 Replies
Hey there!
What URL are you making the OpenGB API request from?
So here's what I think happened:
- We (erroneously) did not add the header
"Access-Control-Allow-Origin": "*" to the base case of serverHandler— essentially a 404 meant a CORS error.
- You probably do not have users specified in your backend.yaml
- This would mean that any /modules/users/scripts/*/call would be 404s because the runtime wasn't aware of the users module
I think the solution is:
1. Add users to your backend.yaml (should work after this)
2. Wait for us to merge a 1-line change into main 😅Hey thanks for your response, I do have users in the backend.yaml, I can fetch from postman but it just says invalid JSON body
Hm...
Oh, I think I see the issue.
By default,
axios uses multipart/form-data as the encoding type.Can you send me what's under the
Network tab in chrome, specifically the Headers and Payload sub-tabs?
(Also, under the payload sub-tab, click
view source)Yes sorry I’m afk but will get back to you
Nevermind on that actually, the issue is axios defaults to CORS preflight, and we don't handle that.
I know the fix.
On my end?
Reinstalling
opengb with this command should fix it for now.Do you mind explaining the issue? That way I can learn from it too
Essentially, when
axios sends a POST or PUT request, it actually sends two requests— first an OPTIONS request, and then the actual original request. The first request is called a "preflight" request.
The point of the OPTIONS request is to check whether the server can be communicated with using the settings the original request (originating URL, method, and headers).
However, we were returning incorrect headers in the case of an OPTIONS request, making the browser assume that CORS should not allow the requesting webpage to make that request.Got ya
Thank you man
Makes a lot of sense
Ran this, still getting CORs error
It's a different one though
Try running it again. I didn't realize that sending a 404 would make the preflieght fail.
Wouldn’t sending a 404 give an error as well? It’s the correct endpoint according to the doc
We have to work on when we send 404 errors— we need to start sending 405 errors instead in some cases.
Still same error
I haven't changed anything on my end, still same code as op
Did you rerun the install command?
yes
GitHub
Allow configuring CORS from the backend.yaml · Issue #313 · rivet-g...
This is a backend-wide configuration for the HTTP server itself, not something specific to modules. So this needs to be configured for the entire project. This should have a default of no CORS in o...
Anything I can do atm?
let me push a temp patch that does cors *
give me 5m
actually, it'd be faster for both of us if you just used this plugin for a bit https://chromewebstore.google.com/detail/allow-cors-access-control/lhobafahddgcelffkeicbaginigeejlf
Allow CORS: Access-Control-Allow-Origin
Easily add (Access-Control-Allow-Origin: *) rule to the response header.
@Sky do you have time today to impl #313?
Ok sounds good thanks
Alright im starting on this
For some reason, even with the extension on, I am still getting the same error
hmm
sky has a wip pr here that you can probably use instead: https://github.com/rivet-gg/opengb/pull/314
so install that and add to your backend yaml:
whatever the localhost your next thing is running on ^
Do I just rerun this?
Sorry I'm not familiar with forking
@Nathan Is it cool if I just hop in the vc rq and get this thing solved before I gotta head out?
yep
