always enable cors middleware, even on failing requests #733

Merged
merged 1 commit into from
Aug 2, 2024

Conversation

Andrew7234
Collaborator

@Andrew7234 Andrew7234 commented Jul 31, 2024

Original issue description:

Return CORS headers on failed API responses

When an API response fails, it doesn't include the Access-Control-Allow-Origin header, so the frontend isn't allowed to even read the error code. E.g. after

- GET https://testnet.nexus.oasis.io/v1/consensus/accounts/oasis1qrtyn2q78jv6plrmexrsrv4dh89wv4n49udtg2km/debonding_delegations?limit=5&offset=0 net::ERR_FAILED 502 (Bad Gateway) 
- Frontend only knows TypeError: Failed to fetch  
- (the browser has more access than JavaScript, and it prints to the console: Access to XMLHttpRequest at 'https://testnet.nexus.oasis.io/v1/consensus/accounts/oasis1qrtyn2q78jv6plrmexrsrv4dh89wv4n49udtg2km/debonding_delegations?limit=5&offset=0' from origin 'http://localhost:1234' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.)

To reproduce after debonding_delegations endpoint is fixed:
- open https://explorer.oasis.io/
- browser console
- console.log('aaa', (await fetch('https://testnet.nexus.oasis.io/v1/consensus/accounts/oasis1qrtyn2q78jv6plrmexrsrv4dh89wv4n49udtg1km')).status)  
- does not print "aaa 400"


CORS headers were not returned for failing/malformed requests; this PR fixes that by manually running the CORS middleware.

```
» curl -i -H 'Origin: example.com' 'localhost:8008/v1/consensus/accounts/oasis1qrtyn2q78jv6plrmexrsrv4dh89wv4n49udtg1k'
HTTP/1.1 400 Bad Request
Access-Control-Allow-Origin: *
Content-Type: application/json; charset=utf-8
Vary: Origin
X-Content-Type-Options: nosniff
Date: Wed, 31 Jul 2024 22:20:53 GMT
Content-Length: 227

{"msg":"Invalid format for parameter address: error unmarshalling 'oasis1qrtyn2q78jv6plrmexrsrv4dh89wv4n49udtg1k' text as *api.Address: address: decoding from bech32 failed: decoding bech32 failed: invalid separator index 43"}
```

@lukaw3d please lmk if this isn't sufficient; I tried testing on browser but I wasn't able to see the cors headers at all, even for successful requests. (maybe bc of cloudflare?)


@Andrew7234 Andrew7234 requested review from pro-wh and ptrus as code owners July 31, 2024 22:29
@Andrew7234 Andrew7234 requested a review from lukaw3d August 1, 2024 00:27
@Andrew7234 Andrew7234 force-pushed the andrew7234/always-use-cors branch from 95b1ab7 to cbe4ecd Compare August 1, 2024 00:35
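
An added example, not code from this PR or the project: a minimal Go sketch of why middleware placement decides whether a failing response carries `Access-Control-Allow-Origin`, as discussed in the PR description above. The names `cors`, `validate`, `api`, `corsInside`, `corsOutside` and `probe`, the simplified address check, and the sample addresses are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// cors is a minimal stand-in for a CORS middleware (assumption, not the project's code).
func cors(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "*")
		next.ServeHTTP(w, r)
	})
}

// validate answers 400 itself for malformed input; prefix+length stands in for bech32 decoding.
func validate(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		addr := strings.TrimPrefix(r.URL.Path, "/v1/consensus/accounts/")
		if !strings.HasPrefix(addr, "oasis1") || len(addr) != 46 {
			http.Error(w, `{"msg":"invalid address"}`, http.StatusBadRequest)
			return
		}
		next.ServeHTTP(w, r)
	})
}

func api(w http.ResponseWriter, r *http.Request) { fmt.Fprint(w, `{"ok":true}`) }
// corsInside wraps only the final handler, so validation errors bypass CORS.
func corsInside() http.Handler { return validate(cors(http.HandlerFunc(api))) }
// corsOutside puts CORS outermost, so it runs on every response, errors included.
func corsOutside() http.Handler { return cors(validate(http.HandlerFunc(api))) }

// probe sends a cross-origin GET and returns the status and the ACAO header.
func probe(h http.Handler, path string) (int, string) {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("Origin", "http://localhost:1234")
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code, rec.Header().Get("Access-Control-Allow-Origin")
}

func main() {
	bad := "/v1/consensus/accounts/oasis1bad" // constructed malformed address
	fmt.Println(probe(corsInside(), bad))     // 400 with no CORS header
	fmt.Println(probe(corsOutside(), bad))    // 400 with the CORS header
}
```

With `corsInside` a browser on another origin cannot read the 400 at all, which matches the "Failed to fetch" symptom in the issue; with `corsOutside` the status and body become readable.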
@lukaw3d
Member

lukaw3d commented Aug 1, 2024

In the browser you have to make the request from a different origin, e.g.

  • open https://explorer.oasis.io/
  • browser console
  • console.log('aaa', (await fetch('https://testnet.nexus.oasis.io/v1/consensus/accounts/oasis1qrtyn2q78jv6plrmexrsrv4dh89wv4n49udtg1km')).status)
  • look at request

changelog

update e2e_regression test cases
@Andrew7234 Andrew7234 force-pushed the andrew7234/always-use-cors branch from cbe4ecd to d6abf3d Compare August 1, 2024 18:07
@Andrew7234 Andrew7234 merged commit 78bbdbb into main Aug 2, 2024
16 checks passed
@Andrew7234 Andrew7234 deleted the andrew7234/always-use-cors branch August 2, 2024 18:12