CORS Issue

[gf-atebbe]

I'm trying to run the job manager UI in a separate Docker container from the Cromwell server. The two containers are running on the same host, and I link the two when I launch the job manager UI container.

docker run -d -p 80:80 --link cromwell:cromwell --name cromwell-ui myregistry/cromwell-ui:0.4.1

When I load the job manager UI, I am immediately running into a CORS issue. I tried adding the CORS headers to the nginx server running the job manager UI, but I believe it is the Cromwell server itself that needs to have CORS disabled. Is there any way to do this so that the UI will work? I also tried disabling CORS in the browser but I continue to get this error message.

Access to XMLHttpRequest at 'http://10.66.49.137:8000/api/workflows/v1/capabilities' from origin 'http://10.66.49.137' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

[calbach]

The CORS issue is with the UI -> job manager API (a shim on Cromwell). AFAICT this isn't a supported configuration for Cromwell, but it would be easy enough to add support (something similar to

job-manager/servers/dsub/jobs/__main__.py

Line 67 in 6535563

if args.allow_origins:

). Alternatively you can run with docker-compose which will put the UI and API behind the same port.

I'm not sure what the latest intended/supported configurations for a Cromwell deployment. @ruchim or @rexwangcc may know.