Comments (17)
I've updated tests and the README accordingly and added the note as suggested by @bjunc.
from cors_plug.
Sorry @yordis and @bjunc - never mind, that was a wrong late-hour reply on my end.
Actually the origin is supposed to be a protocol, host, port triple. Looks like that's insufficiently covered by tests, I'll fix that.
That also means that if you want to allow the same origin on multiple ports, you have to specify each port from which you want to allow tests. So if your front-end is running on a different port than your back-end, you'll have to specify the front-end's port, not the back-end's. Hope that makes sense.
from cors_plug.
On second thought, breaking this out to a new issue.
But +1 for this as well.
from cors_plug.
@mschae is this still valid? I saw that you did a release 14 days ago, so I am wondering if this is fixed already.
from cors_plug.
I'm having the same problem.
from cors_plug.
I have no leads here and issues recreating the issue.
We should no longer pass back an empty header as of the release recently (will verify).
Any way I can recreate this issue?
from cors_plug.
In my case I was having problems in an empty 1.3 phoenix application using the following configuration:
config :cors_plug,
  origin: ["http://localhost:3000", "http://localhost:3001"]
I had issues with cors_plug versions 1.4 and 1.3, and I was able to fix it by downgrading to 1.2.1
Sorry for the late response, I hope this helps! 😄
from cors_plug.
Oh, I forgot. With that configuration I had access from `localhost:3000` but I could not reach the backend from `localhost:3001`. It may be a problem handling the url list.
from cors_plug.
@rcoedo can you please give me more info so I can reproduce?
- What did you expect to see?
- What did you see instead?
Please provide the headers you are seeing (/not seeing).
Thanks
from cors_plug.
I saw the exact same error shown in the first comment in the console, and `Access-Control-Allow-Origin` was set to `null` for `localhost:3001`, but it was correct for `localhost:3000`.
I'm sorry that I can't give you more info to reproduce this, the project was just a toy project and I already deleted it.
from cors_plug.
I just ran into this issue myself and am currently working through it to hopefully find a resolution. In my particular case the issue arose when we run both http and https.
from cors_plug.
I am also receiving a `null` origin. This happens when I attempt any method for explicitly setting allowed origins. I've tried lists, regex, function, config, etc. All result in `null`. Any thoughts? I'm using `v1.5`.
resp_headers: [
  {"cache-control", "max-age=0, private, must-revalidate"},
  {"vary", "Origin"},
  {"access-control-allow-origin", "null"},
  {"access-control-expose-headers", ""},
  {"access-control-allow-credentials", "true"},
  {"x-request-id", "saecnu6r28v1goopcu0g516bpf7po7vv"}
],
from cors_plug.
@bjunc Hard to tell from what information you're providing.
Can you provide your configuration and how you're testing it? A gist or example project would be ideal.
For everyone else who comments on here: If you are experiencing this issue please provide a gist or a sample project with instructions on how I can test this. I have currently no leads tracking this down. Thank you!
from cors_plug.
My app is pretty complex at this point, so it's possible there is a config conflict. However, I can create the error pretty simply:
- Add `plug CORSPlug, origin: ["http://localhost:3000"]` to `endpoint.ex`.
- Navigate to a simple route (no pipeline, no guardian, etc.).
- Inspect the response in Chrome dev tools
- You should see `access-control-allow-origin: null`
If I remove the origin from the plug, then the response comes back with `access-control-allow-origin: *`.
It seems no matter what method I attempt to add an allowed origin, it always comes back as `null`. It does seem doable that I can manually set `access-control-allow-origin` using `put_resp_header()` at the end of a pipeline. However, this isn't ideal...
I'm using `v1.5`, with Phoenix `1.3.0`.
from cors_plug.
@bjunc The origin is a domain name, not a URL. In your case it would have to be plug CORSPlug, origin: ["localhost"]
from cors_plug.
@mschae if that is the case, then that was the issue for me for sure ..... my fault!
from cors_plug.
@mschae I ultimately ditched the origin logic, so I can't say what I had originally used. It's possible what I wrote into the issue comment was not accurate (using `"http://localhost:3000"` instead of just `localhost`). Either way, I appreciate you looking into it.
One thing worth noting though, is that the README shows with and without the scheme/protocol; which might be where some of the confusion here is coming from.
Also, it's probably worth noting in the README that `null` is returned when there is a mismatch between the request origin and the allowed origins. Maybe even a debug warning in the console would help.
from cors_plug.
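The matching rule discussed in this thread (an origin is a protocol, host, port triple, and a mismatch produces `null`), as an added example that is not cors_plug's own code. The module `OriginAllowList` and its functions are hypothetical, and the allow-list and request origins are constructed sample values.

```elixir
# Added illustration, not cors_plug's implementation.
defmodule OriginAllowList do
  # Parse an origin into {scheme, host, port}; :error if it is not a full origin.
  # URI.parse/1 fills in the default port (80/443) when none is written.
  def triple(origin) when is_binary(origin) do
    case URI.parse(origin) do
      %URI{scheme: scheme, host: host, port: port}
      when scheme in ["http", "https"] and is_binary(host) and host != "" and
             is_integer(port) ->
        {scheme, String.downcase(host), port}

      _ ->
        :error
    end
  end

  def triple(_), do: :error

  # Allow-list entries that are not full origins (e.g. a bare host name).
  # These can never equal a browser-sent Origin header, so they are worth logging.
  def invalid_entries(allowed), do: Enum.filter(allowed, &(triple(&1) == :error))

  # Value for Access-Control-Allow-Origin: echo the request origin on an exact
  # triple match, otherwise "null" as reported in the thread.
  def allow_origin_value(request_origin, allowed) do
    allowed_triples = allowed |> Enum.map(&triple/1) |> Enum.reject(&(&1 == :error))

    case triple(request_origin) do
      :error -> "null"
      t -> if t in allowed_triples, do: request_origin, else: "null"
    end
  end
end

# Constructed sample configuration: two ports of the same host plus a bare host.
allowed = ["http://localhost:3000", "http://localhost:3001", "localhost"]

# Constructed request origins: same host, differing in scheme or port.
for origin <- ["http://localhost:3000", "http://localhost:3001",
               "https://localhost:3000", "http://localhost:4000"] do
  IO.puts("#{origin} -> #{OriginAllowList.allow_origin_value(origin, allowed)}")
end

IO.inspect(OriginAllowList.invalid_entries(allowed), label: "not full origins")
```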