Cannot work on launchpad-frontend targeting prod-preview: CORS issue
corinnekrych opened this issue · 4 comments
corinnekrych commented
when trying to work on launchpad-frontend on local UI targetting remote server:
- set remote backend:
export LAUNCHPAD_BACKEND_URL=https://launch.prod-preview.openshift.io
- start local UI:
npm start
We get the error:
Failed to load https://launch.prod-preview.openshift.io/launchpad/commands/launchpad-new-project: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values 'http://localhost:8088, http://localhost:8088', but only one is allowed. Origin 'http://localhost:8088' is therefore not allowed access.
@gastaldi @bartoszmajsak Root cause seems to be server side configuration: duplicate Access-Control-Allow-Origin. Is there any proxy server side that could add the duplicate info?
When doing this curl, server returns:
curl -X OPTIONS -v -k -H "Origin: http://localhost" https://launch.prod-preview.openshift.io/launchpad/commands/launchpad-new-project
* Trying 54.210.186.127...
* TCP_NODELAY set
* Connected to launch.prod-preview.openshift.io (54.210.186.127) port 443 (#0)
* WARNING: disabling hostname validation also disables SNI.
* TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
* Server certificate: *.b6ff.rh-idev.openshiftapps.com
* Server certificate: DigiCert SHA2 High Assurance Server CA
* Server certificate: DigiCert High Assurance EV Root CA
> OPTIONS /launchpad/commands/launchpad-new-project HTTP/1.1
> Host: launch.prod-preview.openshift.io
> User-Agent: curl/7.54.0
> Accept: */*
> Origin: http://localhost
>
< HTTP/1.1 200 OK
< Server: nginx/1.10.2
< Date: Tue, 07 Nov 2017 08:11:58 GMT
< Content-Length: 0
< Access-Control-Allow-Origin: http://localhost
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: http://localhost
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
< Set-Cookie: 7328ad8b743e54c6d85aefb3b9f101f6=6eff141d18c4937904ec4eed48107795; path=/; HttpOnly; Secure
< Cache-control: private
<
* Connection #0 to host launch.prod-preview.openshift.io left intact
corinnekrych commented
the issue could be caused by nginx:
https://github.com/fabric8-launch/launchpad-templates/blob/master/cico/root/etc/nginx/nginx.conf
cc @vpavlin
gastaldi commented
Good catch. I will investigate too
vpavlin commented
@corinnekrych Can you try now? I get a single allow-origin header there now
corinnekrych commented
+1 it fixed the issue