v1.17.1: cannot login from client? [CORS header ‘Access-Control-Allow-Origin’ missing?]

[byte-for-byte]

What components are related to the issue?

API

Which FDP are you using?

My local instance

Version

https://github.com/FAIRDataTeam/FAIRDataPoint.git
https://github.com/FAIRDataTeam/FAIRDataPoint-client.git

What happened?

I installed FAIRDataPoint

git clone https://github.com/FAIRDataTeam/FAIRDataPoint.git
mvn spring-boot:run -Dspring-boot.run.profiles=development

and FAIRDataPoint-client

git clone https://github.com/FAIRDataTeam/FAIRDataPoint-client.git
npm install
# create the public/config.js as shown in the docs
npm run serve

which shows:

DONE  Compiled successfully in 14751ms                                                                                                                                           11:46:07 AM
App running at:
- Local:   http://my_hostname:8081/
- Network: http://my_hostname:8081/

When I browse (FF, Chrome) to http://my_hostname:8081/, I get the landing page; selecting the login link and entering a default user credentials as mentioned in the documentations, I get "Login failed".
The users are in the postgresql DB and I can also retrieve a token through the API for the users at http://localhost:8080/tokens .

Looking at the browser's console log:

XHR OPTIONS
http://localhost:8080/tokens
CORS Missing Allow Origin
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:8080/tokens. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 403.

Is this intended?
Please let me know if I am missing something?

TIA

Relevant log output

No response

[byte-for-byte]

Hm... No reaction for 3 months. Is this project discontinued? Could an author please give a quick comment on this question? I am trying to figure out if I should be patient longer or abandon this (in principal) great tool. Thanks.

[dennisvang]

Hi @byte-for-byte, please allow me to summarize your issue, just to make sure I understand correctly:

• The users are in the postgresql DB [...]

  This suggests you are using the develop branch, not the tagged v1.17.1, because the latter uses mongodb instead of postgresql. Is that correct?

• Looks like you've mapped 127.0.0.1 to my_hostname and are visiting the FDP-client through http://my_hostname:8081/, instead of the default http://localhost:8081.

• I assume you are also running npm run serve -- --host my_hostname (or something equivalent), otherwise I would expect an Invalid Host Header response from the FDP-client.

If the above is true, then your request Origin header will be http://my_hostname:8081, whereas your Host header is localhost:8080. The fact that the Origin does not match the Host implies that you're making a cross-origin request.

The CORS Missing Allow Origin message suggests that the response from the FDP server does not include the Access-Control-Allow-Origin header.

Apparently, the FDP is configured to disallow CORS for this endpoint, even though, to the untrained eye (mine), it looks like CORS should be allowed for all origins:

FAIRDataPoint/src/main/java/org/fairdatapoint/api/filter/CORSFilter.java

Line 57 in 1e33bfd

response.setHeader(HttpHeaders.ACCESS_CONTROL_ALLOW_ORIGIN, "*");

I've been able to reproduce this behavior on my system. Currently looking into the exact cause.

Note that the issue does not arise if you visit the client using the default domain name http://localhost:8081.

[dennisvang]

Not sure why the original CORSFilter does not work, but a modern CORS configuration does seem to fix the issue.