Comments (5)
Hey @macabeus,
your connection isn't refused. Curl is first trying IPv6 (which doesn't work), then IPv4 (which does work). And its returning the correct headers (see this line in your comment: < access-control-allow-origin: http://localhost:8080
).
Not sure where the problem lies but the plug seems to be working fine, so I'll go ahead and close the issue. Sorry I can't be of more help.
Stay healthy
Michael
from cors_plug.
Hey @macabeus,
sorry to hear you're heaving trouble with this plug.
To verify I wrote a few quick tests but they seem to work just fine:
test "regex works" do
opts = CORSPlug.init(origin: [~r/http:\/\/localhost:\d+$/, "https://other-addresses.net"])
conn =
:get
|> conn("/")
|> put_req_header("origin", "http://localhost:8000")
|> CORSPlug.call(opts)
assert ["http://localhost:8000"] == get_resp_header(conn, "access-control-allow-origin")
end
That test passes, so it seems to be working fine.
First thing that strikes me is that none of your regexes in the example are valid: Both are missing the terminating /
and the one where you want to match against arbitrary numbers is using / d
instead of \d
(see my example). Could it just be a case of simple mistakes in your regexes? Or are those just typos in this issue?
In either case I'd suggest testing your regexes using iex like so:
iex(1)> "https://localhost:8000" =~ ~r/https:\/\/localhost:\d+$/
true
from cors_plug.
@mschae Very thank you for the fast reply!
Yeah, I did a typo when I was writing the issue. I'm sorry for confuse. Good catch.
So I tried again, but I can't fix my issue.
I'm using this code:
plug CORSPlug, origin: [~r/http:\/\/localhost:\d+/,
And validating this regex, it's fine
iex(3)> "http://localhost:8000" =~ ~r/http:\/\/localhost:\d+/
true
I restarted the Phoenix's server and I'm still receiving the same error on preflight step:
Also I received these logs on phoenix:
17:16:25.824 [info] OPTIONS /api/sign_in
17:16:25.839 [info] Sent 204 in 15ms
(there is no more logs)
On browser side, I'm using the fetch
function.
Am I doing anymore mistake?
from cors_plug.
Hey @macabeus,
hard to tell what's going wrong. Might be the way that you set up the CORS plug.
Try this: curl -X OPTIONS -H "Origin: http://localhost:8000" --verbose localhost:8000
and see if you see the right headers there.
from cors_plug.
Hello @mschae
Without regex on cors_plug
config and using this curl command, my connection is refused (I changed the ports to follow which I'm using):
> curl -X OPTIONS -H "Origin: http://localhost:8080" --verbose localhost:4000
* Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 4000 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4000 (#0)
> OPTIONS / HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.64.1
> Accept: */*
> Origin: http://localhost:8080
>
< HTTP/1.1 204 No Content
< access-control-allow-credentials: true
< access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token
< access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
< access-control-allow-origin: http://localhost:8080
< access-control-expose-headers:
< access-control-max-age: 1728000
< cache-control: max-age=0, private, must-revalidate
< date: Wed, 18 Mar 2020 09:02:05 GMT
< server: Cowboy
< vary: Origin
< x-request-id: Ff1aelYL41KVgRoAAALC
<
* Connection #0 to host localhost left intact
* Closing connection 0
And on Phoenix side:
09:02:05.380 [info] OPTIONS /
09:02:05.380 [info] Sent 204 in 215µs
(there is no more logs)
But I really don't know why it doesn't work on curl, because I did the same thing on browser and it worked.
So I tested copying the same headers on preflight request from browser to curl request, but it still doesn't work.
> curl -X OPTIONS \
-H "Accept: */*" \
-H "Accept-Encoding: gzip, deflate, br" \
-H "Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,ar;q=0.6,de;q=0.5,es;q=0.4,fr;q=0.3,it;q=0.2,ja;q=0.1,pl;q=0.1,tr;q=0.1,zh-TW;q=0.1,zh;q=0.1" \
-H "Access-Control-Request-Headers: content-type" \
-H "Access-Control-Request-Method: POST" \
-H "Cache-Control: no-cache" \
-H "Connection: keep-alive" \
-H "Host: localhost:4000" \
-H "Origin: http://localhost:8080" \
-H "Pragma: no-cache" \
-H "Referer: http://localhost:8080/" \
-H "Sec-Fetch-Dest: empty" \
-H "Sec-Fetch-Mode: cors" \
-H "Sec-Fetch-Site: same-site" \
-H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" \
--verbose http://localhost:4000/api/sign_in
* Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 4000 failed: Connection refused
* Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4000 (#0)
> OPTIONS /api/sign_in HTTP/1.1
> Host: localhost:4000
> Accept: */*
> Accept-Encoding: gzip, deflate, br
> Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,ar;q=0.6,de;q=0.5,es;q=0.4,fr;q=0.3,it;q=0.2,ja;q=0.1,pl;q=0.1,tr;q=0.1,zh-TW;q=0.1,zh;q=0.1
> Access-Control-Request-Headers: content-type
> Access-Control-Request-Method: POST
> Cache-Control: no-cache
> Connection: keep-alive
> Origin: http://localhost:8080
> Pragma: no-cache
> Referer: http://localhost:8080/
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: same-site
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
>
< HTTP/1.1 204 No Content
< access-control-allow-credentials: true
< access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token
< access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
< access-control-allow-origin: http://localhost:8080
< access-control-expose-headers:
< access-control-max-age: 1728000
< cache-control: max-age=0, private, must-revalidate
< date: Wed, 18 Mar 2020 09:26:59 GMT
< server: Cowboy
< vary: Origin
< x-request-id: Ff1b1nypoWlIisYAAAPC
<
* Connection #0 to host localhost left intact
* Closing connection 0
Might be the way that you set up the CORS plug.
I set up adding the plug CORSPlug
on module Endpoint
one line before of plug MyApp.Router
from cors_plug.
Related Issues (20)
- Support wildcard subdomains HOT 2
- Origin validation on OPTIONS HOT 3
- No CORS headers embedded in Plug.ErrorHandler code path HOT 2
- General CORS library HOT 3
- Options Requests without `Access-Control-Request-Method` should not be halted
- Unreachable code? HOT 2
- Support Plug 1.7 dependency HOT 1
- "Access-Control-Allow-Origin" is null when using regex for origin? HOT 3
- Configuration not working with Elixir 1.9 releases HOT 3
- Regex from string HOT 1
- FunctionClauseError when origin option is a list containing a regex HOT 1
- A way to enable logging - difficult to configure HOT 3
- CORS Header empty HOT 2
- Looks like init function is called during the compile time HOT 1
- Access-Control-Allow-Credentials should not be included if set to false
- Headers cannot be set dynamically
- Minor security issue with origin checks
- Using config.ex does not work HOT 1
- default config of origin: * and credentials: true seems invalid?
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from cors_plug.