I'm using a C9 AWS instance to run an API REST written in ruby on rails, and i'm consuming the resources from an Ionic App with simple http calls.
When i make a http request from the ionic app, the server response with this message:
Failed to load https://the_server.vfs.cloud9.us-east-2.amazonaws.com/resource: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8100' is therefore not allowed access. The response had HTTP status code 404.
How can I enable the CORS in the Cloud 9 instance ?
I have already enable the CORS in rails with the rack-cors gem
The call to https://the_server.vfs.cloud9.us-east-2.amazonaws.com/resource is being handled by a proxy. To allow CORS, you need to call the server directly. You can do that
by connecting to the server IP address, and opening the correct ports. It's described here: https://docs.aws.amazon.com/cloud9/latest/user-guide/app-preview.html?icmpid=docs_ac9_ide#app-preview-share
Related
Requesting for some help here. Kind of stuck with a use case. We are trying to integrate OneLogin with our app via Spring security.
The entry point to our application is Azure App Gateway that routes the requests to load balancer further routing to the VMs where the service is deployed. Everything works fine if we DONOT override the hostname in Backend settings for any incoming request, leading to the App Gateway host only getting passed for every request. Here the App Gateway URL being set as the redirect URI in Spring security auth endpoint call.
The problem appears when the Apigee is used as the entry point to our application. Apigee routes the request to App Gateway routing it further to load balancer and VMs. Here, we DO have to override the host as Apigee host name in order to authenticate the client to the OneLogin server. The Apigee endpoint is set as the redirect URI in the Spring security auth endpoint call.
However, the server responds back with "possible CSRF detected - state parameter was required but no state could be found" error. Tried different possible solutions from other SO links to resolve this error like providing a session cookie name, but did not help. Our OneLogin server and client application are also in different domains.
The only thing that works here is when we DONOT override the hostname in Azure App Gateway Backend settings and pass the App Gateway URL as the redirect URI in auth endpoint call. But the problem is it shows the App Gateway URL in the user browser, which we do not want because in an ideal scenario, the user should see only the Apigee host in the browser url and not the App Gateway host. So, is there any way to re-route/redirect/override the URL to Apigee URL in Azure App Gateway settings without the call being made to Apigee endpoint. Just the user sees the Apigee url in the browser, but internally all calls are made to App Gateway endpoint only.
Or the other solution could be to prevent the CSRF issue when Apigee hostname is used as the redirect URL in the auth endpoint instead of App Gateway host. But not sure how to resolve that.
• In your scenario, when you are not overriding the hostname in the Azure application gateway backend settings and pass the ‘Application Gateway’ URL as redirect URL in the ‘Authorization endpoint call’, the application gateway URL is shown in the user’s browser which is not desired since the Apigee host redirects the authentication requests to the ‘App gateway’ endpoint.
Therefore, without the call to be made to the ‘Apigee’ endpoint, you can surely redirect it to the Apigee redirect URL in the Azure application gateway settings by configuring the ‘Rewrite URI rules’ in the gateway. These rewrite rules will check for any presence of configured URLs or specific paths and will therefore, change the original URI path to the new path configured. As a result, please follow the below given snapshots as steps for configuring the same as stated above: -
Thus, as shown above, you can configure the ‘Rewrite rules’ in a ‘Standard V2’ SKU application gateway for redirecting response requests of ‘authorization endpoint call’ from application gateway URL to the Apigee endpoint hostname configured. In this way, when the application gateway URL is shown in the browser, it will be rewrited to the apigee endpoint hostname’s URL in the browser and accordingly the user at the receiving end will be able to see the Apigee endpoint hostname as a result fulfilling your requirement.
For more details regarding the above, kindly refer the below link: -
https://learn.microsoft.com/en-us/azure/application-gateway/rewrite-http-headers-url#modify-a-redirection-url
I received the following
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at <my-ip-address> (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
after calling the rest server from my angular app, the code was working perfect when I was using local rest server
I have a Javascript SPA that uses access tokens to talk to a backend API / Auth server. I'm using OpenIddict and JWT Bearer authentication on our combined API / Authorization server. We are using the Implicit flow.
For the time being, I am not using SSL - all requests are just http.
Everything has been configured and works correctly on my dev machine. When I publish these 2 sites to IIS everything still works fine when using an IP addresses for the 2 websites that are set up (there is 1 website for the Javascript SPA, and 1 website for the API / Auth server).
So basically I have 2 websites at the same IP address running on 2 different ports:
1) SPA 192.168.1.50:3000
2) AuthServer 192.168.1.50:5959
Now I want to enable hostnames for these sites. I now have edited the IIS bindings in order to bind these 2 sites to a host name like so:
1) SPA app.mycompany:3000
2) AuthServer app.mycompany:5959
When I do this, I am getting a message about not being able to access the .well-known/openid-configuration endpoint and am getting a JWT Bearer exception when trying to hit the UserInfo endpoint.
I can hit my SPA, get redirected to the Auth Server's login page and then successfully login. By looking at the web requests in Fiddler I see that I can hit the authorize end point and now have an access_token. As soon as the discovery step happens though things break.
The discovery end point can't be found and then immediately after that the userinfo endpoint is prevented from being hit because the bearer authentication fails.
By examining my logs I can see that JWT Bearer token fails to validate on the the UserInfo endpoint.
When this discovery endpoint is requested:
app.mycompany:5959/.well-known/openid-configuration
This is the error message I am getting:
IDX10803: Unable to obtain configuration from: 'http://app.mycompany.com:5959/.well-known/openid-configuration
And in my logs this is what I'm seeing at the point where the UserInfo controller is requested:
2017-11-09 14:12:35.7510|1|INFO|Microsoft.AspNetCore.Hosting.Internal.WebHost|Request starting HTTP/1.1 OPTIONS http://app.mycompany:5959/connect/userinfo
2017-11-09 14:12:35.7510|1|DEBUG|Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware|OPTIONS requests are not supported
2017-11-09 14:12:35.7510|1|DEBUG|Microsoft.AspNetCore.Cors.Infrastructure.CorsService|The request is a preflight request.
2017-11-09 14:12:35.7510|2|DEBUG|Microsoft.AspNetCore.Cors.Infrastructure.CorsService|The request has an origin header: 'http://app.mycompany:3000'.
2017-11-09 14:12:35.7510|4|INFO|Microsoft.AspNetCore.Cors.Infrastructure.CorsService|Policy execution successful.
2017-11-09 14:12:35.7510|9|DEBUG|Microsoft.AspNetCore.Server.Kestrel|Connection id "0HL97NQJHQ576" completed keep alive response.
2017-11-09 14:12:35.7510|2|INFO|Microsoft.AspNetCore.Hosting.Internal.WebHost|Request finished in 6.2953ms 204
2017-11-09 14:12:35.7510|1|INFO|Microsoft.AspNetCore.Hosting.Internal.WebHost|Request starting HTTP/1.1 GET http://app.mycompany:5959/connect/userinfo
2017-11-09 14:12:35.7510|4|DEBUG|Microsoft.AspNetCore.StaticFiles.StaticFileMiddleware|The request path /connect/userinfo does not match a supported file type
2017-11-09 14:12:35.7510|2|DEBUG|Microsoft.AspNetCore.Cors.Infrastructure.CorsService|The request has an origin header: 'http://app.mycompany:3000'.
2017-11-09 14:12:35.7510|4|INFO|Microsoft.AspNetCore.Cors.Infrastructure.CorsService|Policy execution successful.
2017-11-09 14:12:35.7510|0|DEBUG|OpenIddict.OpenIddictHandler|The default userinfo request handling was skipped from user code.
2017-11-09 14:12:35.7664|9|DEBUG|Microsoft.AspNetCore.Authentication.Cookies.CookieAuthenticationHandler|AuthenticationScheme: Identity.Application was not authenticated.
2017-11-09 14:12:35.7664|1|DEBUG|Microsoft.AspNetCore.Routing.Tree.TreeRouter|Request successfully matched the route with name '(null)' and template 'connect/userinfo'.
2017-11-09 14:12:35.7664|1|DEBUG|Microsoft.AspNetCore.Mvc.Internal.ControllerActionInvoker|Executing action ApiAuthServer.Controllers.UserinfoController.Userinfo (ApiAuthServer)
2017-11-09 14:12:35.7664|2|DEBUG|Microsoft.AspNetCore.Cors.Infrastructure.CorsService|The request has an origin header: 'http://app.mycompany:3000'.
2017-11-09 14:12:35.7664|4|INFO|Microsoft.AspNetCore.Cors.Infrastructure.CorsService|Policy execution successful.
2017-11-09
14:12:35.7664|3|ERROR|Microsoft.AspNetCore.Authentication.JwtBearer.JwtBearerHandler|Exception occurred while processing message. IDX10803: Unable to obtain configuration from: 'http://app.mycompany:5959/.well-known/openid-configuration'.
If I navigate directly to app.mycompany:5959/.well-known/openid-configuration from outside the server in a browser, I can hit that discovery endpoint and see the json data. It works.
But if I try to access that endpoint from within the IIS server I get the same error message. I can't seem to access that on the IIS box. But if I remove the host name binding and go back to IP addresses, I can successfully hit the discovery endpoint even on the IIS box and the app works fine.
So I am really at a loss of what the problem is. Not sure if there is some IIS setting I need to tweak, or if this is a bug in the JWT Bearer middleware or if it is something to do with OpenIddict.
I just want to be able to use hostnames on IIS for my app(s)
I am using angular application to run the application which uses ruby on rails backend apis. Our application works correctly on web desktop in different browsers but for mobile devices, I am getting 406 not acceptable errors for the same apis. Not getting a way to understand where is the problem in frontend code side or in backend api side.
Just to add the OPTIONS request is sent first on which I am getting this error.
Your backend service is saying that the response type it is returning is not provided in the Accept HTTP header in your Client request.
Ref: http://en.wikipedia.org/wiki/List_of_HTTP_header_fields
Find out the response (content type) returned by Service.
Provide this (content type) in your request Accept header.
http://en.wikipedia.org/wiki/HTTP_status_code -> 406
What is "406-Not Acceptable Response" in HTTP?
I can call the HTTP web service but when the same service is HTTPS it throws error that it cannot be called. I am invoking it from iOS application. Do I need to pass some additional header fields related to HTTPS.
UPDATE (SOLUTION):
Seems like it just needed the HOST header parameter.
if you are not passing any authorization parameters in any way to the service and it is just a url: "https://www.xxxxxx.com/dev/tools/search=?" the issue is from server side authentication certificate. they need to allow the request to be taken in from server's end by configuring server authentication certificate.