CORS about beatpulse HOT 12 CLOSED

Hello. I've seen this kind of problem earlier. Could you verify that the front end is sending the Origin header with the XHR request?. As you can see in the following link, the CORS middleware is checking for it.
https://github.com/aspnet/CORS/blob/5eae687ddd2f1a297b39a4099fa52e9280517a33/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsMiddleware.cs#L104-#L105

Be sure as well to use AddCors(), not only UseCors, in the previous snippet only UseCors is shown:

https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-2.1

We had this issue in other Xabaril repository with VUE and it was the XHR client not sending the header.

Xabaril/JWTSimpleServer#6

from beatpulse.

Works! 👍

from beatpulse.

Hi, thanks for the fast response!

Could you verify that the front end is sending the Origin header with the XHR request?

I don't think so, i thought the 'Origin' header is only for POST requests? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin

Even if i add 'Origin'.. browser output:

• Refused to set unsafe header "Origin"
• Failed to load http://localhost:5000/hc: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.

BeatPulse Backend output:

2018-06-04 16:05:36,737 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 OPTIONS http://localhost:5000/hc
2018-06-04 16:05:36,738 INFO Microsoft.AspNetCore.Cors.Infrastructure.CorsService: Policy execution successful.
2018-06-04 16:05:36,738 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 1.104ms 204
2018-06-04 16:05:36,745 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 GET http://localhost:5000/hc application/json
2018-06-04 16:05:36,746 INFO BeatPulse.Core.BeatPulseService: BeatPulse is checking health on [BeatPulsePath]/
2018-06-04 16:05:36,746 INFO BeatPulse.Core.BeatPulseService: Executing liveness self.
2018-06-04 16:05:36,746 INFO BeatPulse.Core.BeatPulseService: The liveness self is executed.
2018-06-04 16:05:36,746 INFO BeatPulse.Core.BeatPulseService: Sending liveness result to all configured trackers.
2018-06-04 16:05:36,747 INFO BeatPulse.Core.BeatPulseService: Executing liveness MySqlLiveness.
2018-06-04 16:05:36,802 INFO BeatPulse.Core.BeatPulseService: The liveness MySqlLiveness is executed.
2018-06-04 16:05:36,805 INFO BeatPulse.Core.BeatPulseService: Sending liveness result to all configured trackers.
2018-06-04 16:05:36,806 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 60.436ms 200 application/json

Working request backend output (normal controller):

2018-06-04 16:06:16,361 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 OPTIONS http://localhost:5000/api/test
2018-06-04 16:06:16,362 INFO Microsoft.AspNetCore.Cors.Infrastructure.CorsService: Policy execution successful.
2018-06-04 16:06:16,362 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 1.687ms 204
2018-06-04 16:06:16,441 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 GET http://localhost:5000/api/test application/json
2018-06-04 16:06:16,441 INFO Microsoft.AspNetCore.Cors.Infrastructure.CorsService: Policy execution successful.
…
2018-06-04 16:06:17,883 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 1441.949ms 200 application/json; charset=utf-8

from beatpulse.

Could you show your full Configure, ConfigureServices code?

from beatpulse.

Not full, but most of it:

public void ConfigureServices(IServiceCollection services) {

  services.AddAutoMapper();


         
  services.AddCors();   
       
  services.AddBeatPulse(setup =>
 {
 setup.AddMySql(connectionString);
 } );

     
       
  var mvc = services.AddMvc();

            
  services.AddDbContext<…>(o => o.UseMySQL(connectionString));

            
  services.AddIdentity<User, UserRole>(options =>
  {
  …
  } ).AddEntityFrameworkStores<…>();

 
  mvc.AddJsonOptions(options =>
 {
 …
 } );



  services.AddAuthentication(options =>
 {
 …
 } ).AddJwtBearer(options => …);


            
  services.AddSingleton<…>();
…


}

public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory
  loggerFactory)
 {


  loggerFactory.AddLog4Net();



    if (env.IsDevelopment())
 {
      app.UseDeveloperExceptionPage();

  }



app.UseCors(builder => builder
.AllowAnyOrigin()
.
AllowAnyMethod()
.
AllowAnyHeader()
.
AllowCredentials());



app.UseAuthentication();

app.UseMvc();



}


from beatpulse.

And yes, 'Origin' is there by default, request header:

HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> OPTIONS /health HTTP/1.1
Host: localhost:5000
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost:4200
User-Agent: Mozilla/5.0
Access-Control-Request-Headers: content-type
Accept: /
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8

from beatpulse.

@JoschaHemlep I made a playground and I discovered where the problem is. It will be fixed on the next version. Thanks for reporting the problem.

from beatpulse.

Hi @JoschaHemlep!!

BeatPulseFilter is a IStartupFilter that register a terminal middleware, at this moment this middleware don't support CORS preflight.

The team is working on design a most simple solution to include CORS support on BeatPulse 1.X and improve this on 2.0.

from beatpulse.

@CarlosLanderas @unaizorrilla Ah, okay! Thanks 👍

from beatpulse.

Merged PR #61 should be fixed now. Check documentation.

from beatpulse.

Hi, PR #61 from @CarlosLanderas is merged today, this add support for CORS on BeatPulse 1.X.

For 2.X BeatPulse need to improve this and other related scenarios with terminal middlewares.

Please @JoschaHemlep check version 1.7.2 on nuget ( at this moment is building and nuget take some time before public the packages) and close the issue if works well.

Thanks
Unai

from beatpulse.

@unaizorrilla Thanks! I'll give it a try

from beatpulse.