I'm trying to write a cors policy using regex in order to allow many ports, but I can'

Hey <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url=

<a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url="/us

Hey <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-url=

Hello <a class="user-mention notranslate" data-hovercard-type="user" data-hovercard-ur

Regex isn't working on preflight request about cors_plug HOT 5 CLOSED

mschae commented on July 20, 2024

Regex isn't working on preflight request

from cors_plug.

Comments (5)

mschae commented on July 20, 2024 1

Hey @macabeus,

your connection isn't refused. Curl is first trying IPv6 (which doesn't work), then IPv4 (which does work). And its returning the correct headers (see this line in your comment: < access-control-allow-origin: http://localhost:8080).

Not sure where the problem lies but the plug seems to be working fine, so I'll go ahead and close the issue. Sorry I can't be of more help.

Stay healthy
Michael

from cors_plug.

mschae commented on July 20, 2024

Hey @macabeus,

sorry to hear you're heaving trouble with this plug.

To verify I wrote a few quick tests but they seem to work just fine:

  test "regex works" do
    opts = CORSPlug.init(origin: [~r/http:\/\/localhost:\d+$/, "https://other-addresses.net"])

    conn =
      :get
      |> conn("/")
      |> put_req_header("origin", "http://localhost:8000")
      |> CORSPlug.call(opts)

    assert ["http://localhost:8000"] == get_resp_header(conn, "access-control-allow-origin")
  end

That test passes, so it seems to be working fine.

First thing that strikes me is that none of your regexes in the example are valid: Both are missing the terminating / and the one where you want to match against arbitrary numbers is using / d instead of \d (see my example). Could it just be a case of simple mistakes in your regexes? Or are those just typos in this issue?

In either case I'd suggest testing your regexes using iex like so:

iex(1)> "https://localhost:8000" =~ ~r/https:\/\/localhost:\d+$/
true

from cors_plug.

macabeus commented on July 20, 2024

@mschae Very thank you for the fast reply!

Yeah, I did a typo when I was writing the issue. I'm sorry for confuse. Good catch.
So I tried again, but I can't fix my issue.

I'm using this code:

plug CORSPlug, origin: [~r/http:\/\/localhost:\d+/,

And validating this regex, it's fine

iex(3)> "http://localhost:8000" =~ ~r/http:\/\/localhost:\d+/ 
true

I restarted the Phoenix's server and I'm still receiving the same error on preflight step:

Also I received these logs on phoenix:

17:16:25.824 [info]  OPTIONS /api/sign_in

17:16:25.839 [info]  Sent 204 in 15ms

(there is no more logs)

On browser side, I'm using the fetch function.

Am I doing anymore mistake?

from cors_plug.

mschae commented on July 20, 2024

Hey @macabeus,

hard to tell what's going wrong. Might be the way that you set up the CORS plug.

Try this: curl -X OPTIONS -H "Origin: http://localhost:8000" --verbose localhost:8000 and see if you see the right headers there.

from cors_plug.

macabeus commented on July 20, 2024

Hello @mschae

Without regex on cors_plug config and using this curl command, my connection is refused (I changed the ports to follow which I'm using):

> curl -X OPTIONS -H "Origin: http://localhost:8080" --verbose localhost:4000
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 4000 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4000 (#0)
> OPTIONS / HTTP/1.1
> Host: localhost:4000
> User-Agent: curl/7.64.1
> Accept: */*
> Origin: http://localhost:8080
> 
< HTTP/1.1 204 No Content
< access-control-allow-credentials: true
< access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token
< access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
< access-control-allow-origin: http://localhost:8080
< access-control-expose-headers: 
< access-control-max-age: 1728000
< cache-control: max-age=0, private, must-revalidate
< date: Wed, 18 Mar 2020 09:02:05 GMT
< server: Cowboy
< vary: Origin
< x-request-id: Ff1aelYL41KVgRoAAALC
< 
* Connection #0 to host localhost left intact
* Closing connection 0

And on Phoenix side:

09:02:05.380 [info]  OPTIONS /

09:02:05.380 [info]  Sent 204 in 215µs

(there is no more logs)

But I really don't know why it doesn't work on curl, because I did the same thing on browser and it worked.

So I tested copying the same headers on preflight request from browser to curl request, but it still doesn't work.

> curl -X OPTIONS \
-H "Accept: */*" \
-H "Accept-Encoding: gzip, deflate, br" \
-H "Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,ar;q=0.6,de;q=0.5,es;q=0.4,fr;q=0.3,it;q=0.2,ja;q=0.1,pl;q=0.1,tr;q=0.1,zh-TW;q=0.1,zh;q=0.1" \
-H "Access-Control-Request-Headers: content-type" \
-H "Access-Control-Request-Method: POST" \
-H "Cache-Control: no-cache" \
-H "Connection: keep-alive" \
-H "Host: localhost:4000" \
-H "Origin: http://localhost:8080" \
-H "Pragma: no-cache" \
-H "Referer: http://localhost:8080/" \
-H "Sec-Fetch-Dest: empty" \
-H "Sec-Fetch-Mode: cors" \
-H "Sec-Fetch-Site: same-site" \
-H "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36" \
--verbose http://localhost:4000/api/sign_in
*   Trying ::1...
* TCP_NODELAY set
* Connection failed
* connect to ::1 port 4000 failed: Connection refused
*   Trying 127.0.0.1...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 4000 (#0)
> OPTIONS /api/sign_in HTTP/1.1
> Host: localhost:4000
> Accept: */*
> Accept-Encoding: gzip, deflate, br
> Accept-Language: pt-BR,pt;q=0.9,en-US;q=0.8,en;q=0.7,ar;q=0.6,de;q=0.5,es;q=0.4,fr;q=0.3,it;q=0.2,ja;q=0.1,pl;q=0.1,tr;q=0.1,zh-TW;q=0.1,zh;q=0.1
> Access-Control-Request-Headers: content-type
> Access-Control-Request-Method: POST
> Cache-Control: no-cache
> Connection: keep-alive
> Origin: http://localhost:8080
> Pragma: no-cache
> Referer: http://localhost:8080/
> Sec-Fetch-Dest: empty
> Sec-Fetch-Mode: cors
> Sec-Fetch-Site: same-site
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
> 
< HTTP/1.1 204 No Content
< access-control-allow-credentials: true
< access-control-allow-headers: Authorization,Content-Type,Accept,Origin,User-Agent,DNT,Cache-Control,X-Mx-ReqToken,Keep-Alive,X-Requested-With,If-Modified-Since,X-CSRF-Token
< access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,OPTIONS
< access-control-allow-origin: http://localhost:8080
< access-control-expose-headers: 
< access-control-max-age: 1728000
< cache-control: max-age=0, private, must-revalidate
< date: Wed, 18 Mar 2020 09:26:59 GMT
< server: Cowboy
< vary: Origin
< x-request-id: Ff1b1nypoWlIisYAAAPC
< 
* Connection #0 to host localhost left intact
* Closing connection 0

Might be the way that you set up the CORS plug.

I set up adding the plug CORSPlug on module Endpoint one line before of plug MyApp.Router

from cors_plug.

Regex isn't working on preflight request about cors_plug HOT 5 CLOSED

Comments (5)

Related Issues (20)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent