Comments (12)
Hello. I've seen this kind of problem earlier. Could you verify that the front end is sending the Origin header with the XHR request?. As you can see in the following link, the CORS middleware is checking for it.
https://github.com/aspnet/CORS/blob/5eae687ddd2f1a297b39a4099fa52e9280517a33/src/Microsoft.AspNetCore.Cors/Infrastructure/CorsMiddleware.cs#L104-#L105
Be sure as well to use AddCors(), not only UseCors, in the previous snippet only UseCors is shown:
https://docs.microsoft.com/en-us/aspnet/core/security/cors?view=aspnetcore-2.1
We had this issue in other Xabaril repository with VUE and it was the XHR client not sending the header.
from beatpulse.
Works!
from beatpulse.
Hi, thanks for the fast response!
Could you verify that the front end is sending the Origin header with the XHR request?
I don't think so, i thought the 'Origin' header is only for POST requests? https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Origin
Even if i add 'Origin'.. browser output:
- Refused to set unsafe header "Origin"
- Failed to load http://localhost:5000/hc: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:4200' is therefore not allowed access.
BeatPulse Backend output:
2018-06-04 16:05:36,737 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 OPTIONS http://localhost:5000/hc
2018-06-04 16:05:36,738 INFO Microsoft.AspNetCore.Cors.Infrastructure.CorsService: Policy execution successful.
2018-06-04 16:05:36,738 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 1.104ms 204
2018-06-04 16:05:36,745 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 GET http://localhost:5000/hc application/json
2018-06-04 16:05:36,746 INFO BeatPulse.Core.BeatPulseService: BeatPulse is checking health on [BeatPulsePath]/
2018-06-04 16:05:36,746 INFO BeatPulse.Core.BeatPulseService: Executing liveness self.
2018-06-04 16:05:36,746 INFO BeatPulse.Core.BeatPulseService: The liveness self is executed.
2018-06-04 16:05:36,746 INFO BeatPulse.Core.BeatPulseService: Sending liveness result to all configured trackers.
2018-06-04 16:05:36,747 INFO BeatPulse.Core.BeatPulseService: Executing liveness MySqlLiveness.
2018-06-04 16:05:36,802 INFO BeatPulse.Core.BeatPulseService: The liveness MySqlLiveness is executed.
2018-06-04 16:05:36,805 INFO BeatPulse.Core.BeatPulseService: Sending liveness result to all configured trackers.
2018-06-04 16:05:36,806 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 60.436ms 200 application/json
Working request backend output (normal controller):
2018-06-04 16:06:16,361 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 OPTIONS http://localhost:5000/api/test
2018-06-04 16:06:16,362 INFO Microsoft.AspNetCore.Cors.Infrastructure.CorsService: Policy execution successful.
2018-06-04 16:06:16,362 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 1.687ms 204
2018-06-04 16:06:16,441 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request starting HTTP/1.1 GET http://localhost:5000/api/test application/json
2018-06-04 16:06:16,441 INFO Microsoft.AspNetCore.Cors.Infrastructure.CorsService: Policy execution successful.
…
2018-06-04 16:06:17,883 INFO Microsoft.AspNetCore.Hosting.Internal.WebHost: Request finished in 1441.949ms 200 application/json; charset=utf-8
from beatpulse.
Could you show your full Configure, ConfigureServices code?
from beatpulse.
Not full, but most of it:
public void ConfigureServices(IServiceCollection services) {
services.AddAutoMapper();
services.AddCors();
services.AddBeatPulse(setup =>
{
setup.AddMySql(connectionString);
} );
var mvc = services.AddMvc();
services.AddDbContext<…>(o => o.UseMySQL(connectionString));
services.AddIdentity<User, UserRole>(options =>
{
…
} ).AddEntityFrameworkStores<…>();
mvc.AddJsonOptions(options =>
{
…
} );
services.AddAuthentication(options =>
{
…
} ).AddJwtBearer(options => …);
services.AddSingleton<…>();
…
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env, ILoggerFactory
loggerFactory)
{
loggerFactory.AddLog4Net();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
app.UseCors(builder => builder
.AllowAnyOrigin()
.
AllowAnyMethod()
.
AllowAnyHeader()
.
AllowCredentials());
app.UseAuthentication();
app.UseMvc();
}
from beatpulse.
And yes, 'Origin' is there by default, request header:
HTTP_TRANSACTION_SEND_REQUEST_HEADERS
--> OPTIONS /health HTTP/1.1
Host: localhost:5000
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://localhost:4200
User-Agent: Mozilla/5.0
Access-Control-Request-Headers: content-type
Accept: /
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en-US;q=0.9,en;q=0.8
from beatpulse.
@JoschaHemlep I made a playground and I discovered where the problem is. It will be fixed on the next version. Thanks for reporting the problem.
from beatpulse.
Hi @JoschaHemlep!!
BeatPulseFilter is a IStartupFilter that register a terminal middleware, at this moment this middleware don't support CORS preflight.
The team is working on design a most simple solution to include CORS support on BeatPulse 1.X and improve this on 2.0.
from beatpulse.
@CarlosLanderas @unaizorrilla Ah, okay! Thanks
from beatpulse.
Merged PR #61 should be fixed now. Check documentation.
from beatpulse.
Hi, PR #61 from @CarlosLanderas is merged today, this add support for CORS on BeatPulse 1.X.
For 2.X BeatPulse need to improve this and other related scenarios with terminal middlewares.
Please @JoschaHemlep check version 1.7.2 on nuget ( at this moment is building and nuget take some time before public the packages) and close the issue if works well.
Thanks
Unai
from beatpulse.
@unaizorrilla Thanks! I'll give it a try
from beatpulse.
Related Issues (20)
- Custom response HOT 2
- BeatPulse UI show old state after degraded one of services
- BeatPulse.Redis has reference to unsuported StackExchange.Redis.StrongName package HOT 2
- Inconsistent log level used in liveness checkers HOT 1
- Liveness checkers logs connection string HOT 1
- Question : Call health check from code HOT 1
- GetAllLiveness not accessible when creating new BeatPulse for Akka
- Adding multiple liveness results in Exception, "More then one sequence found" HOT 1
- Disable logs
- Add deprecated status to this repo HOT 2
- Liveness configuration from configuration file HOT 1
- Add Elasticsearch Provider HOT 2
- [BeatPulse-UI] Impossible to display data HOT 10
- UI behind reverse proxy HOT 14
- How to use beatpulse in iis authentication
- Incorrect NuGet Package HOT 7
- Redis livepoint creates numerous connections to Redis HOT 9
- Question: Can beatpulse be used with MVC 5 apps and full framework windows services? HOT 3
- Migrate to new aspnet core version.
- BeatPulse UI memory leak HOT 14
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from beatpulse.