Comments (4)
Turns out, I was unable to repro this when connecting directly to the proxy. I am not too worried, the whole point of the reverse proxy is to get all requests to be same-origin when hosted, so this won't be an issue besides local dev. And we can use a non-reverse-proxied unleash proxy there. Thanks for the help @nya1!
from unleash-proxy.
@nya1 Any input here? Looks like this was added pretty recently #4
from unleash-proxy.
Hello,
Are you able to provide the error that you receive on the browser?
I tried to reproduce the issue locally following the mentioned steps but I'm always getting back the Access-Control-Allow-Origin
header, examples requests made with curl (I also tested via an html page and getting the same behavior):
❯ curl -I --location --request GET 'http://localhost:3000/proxy?userId=99' \
-H 'Origin: http://example.com' \
-H 'Authorization: some-secret'
HTTP/1.1 200 OK
Access-Control-Allow-Origin: http://example.com
Vary: Origin, Accept-Encoding
Cache-control: public, max-age=2
Content-Type: application/json; charset=utf-8
Content-Length: 9299
ETag: W/"2453-1yoqHWPP3DU/zVKAUXQQ02ygZQ0"
Date: Fri, 15 Jul 2022 11:50:48 GMT
Connection: keep-alive
Keep-Alive: timeout=5
❯ curl -I --location --request GET 'http://localhost:3000/proxy?userId=99' \
-H 'Origin: http://example.com' \
-H 'Authorization: some-secret' \
-H 'if-none-match: W/"2453-1yoqHWPP3DU/zVKAUXQQ02ygZQ0"'
HTTP/1.1 304 Not Modified
Access-Control-Allow-Origin: http://example.com
Vary: Origin
Cache-control: public, max-age=2
ETag: W/"2453-1yoqHWPP3DU/zVKAUXQQ02ygZQ0"
Date: Fri, 15 Jul 2022 11:50:52 GMT
Connection: keep-alive
Keep-Alive: timeout=5
Cors options used: (tested also using localhost)
cors: {
origin: 'http://example.com',
}
p.s. probably it's a typo but the Access-Control-Allow-Origin
response header that you receive should be the same as the one that you have entered during cors initialization (the same location where your webapp is located), so in your case should return http://localhost:3000
and not http://localhost:3001
from unleash-proxy.
Hi @nya1 I was able to still repro the issue with your exact requests
first request
➜ ~ curl --location --request GET 'https://redacted/proxy?userId=myUser2' -i \
--header 'Origin: http://example.com' \
--header 'Authorization: redacted'
HTTP/2 200
access-control-allow-origin: http://localhost:3001
cache-control: public, max-age=2
content-type: application/json; charset=utf-8
etag: W/"87-/cEiJdy7BgvCABHt6xVgsypDIcs"
via: 1.1 spaces-router (b642bf20b975), 1.1 varnish
accept-ranges: bytes
date: Fri, 15 Jul 2022 15:41:36 GMT
age: 0
x-served-by: cache-pao17421-PAO
x-cache: MISS
x-cache-hits: 0
x-timer: S1657899697.549769,VS0,VE256
vary: Origin, Accept-Encoding
content-length: 135
second request
➜ ~ curl --location --request GET 'https://redacted/proxy?userId=myUser2' -i \
--header 'Origin: http://example.com' \
--header 'Authorization: redacted' \
--header 'if-none-match: W/"87-/cEiJdy7BgvCABHt6xVgsypDIcs"'
HTTP/2 304
date: Fri, 15 Jul 2022 15:44:40 GMT
via: 1.1 varnish
cache-control: public, max-age=2
etag: W/"87-/cEiJdy7BgvCABHt6xVgsypDIcs"
age: 0
x-served-by: cache-sjc10020-SJC
x-cache: MISS
x-cache-hits: 0
x-timer: S1657899880.429934,VS0,VE191
vary: Origin, Accept-Encoding
I do have another Unleash environment running without the reverse proxy - I will try and see if I can repro there.
from unleash-proxy.
Related Issues (20)
- Support for refresh interval jitter HOT 9
- Pass `req` to context enrichers HOT 6
- Connecting to gitlab ERROR: Error: Unleash Repository error: Response was not statusCode 2XX, but was 401 HOT 1
- The Proxy API returns all feature toggles, even those from projects that are disabled for the requested environment HOT 4
- use `logger.debug` in `getAllToggles` HOT 3
- OpenAPI gets broken when using PROXY_BASE_PATH HOT 1
- Unleash Proxy does not return Feature flags for dev environment HOT 4
- Add option to expose metrics via prometheus endpoint HOT 3
- Server side token config no long working in latest version v0.16.3 HOT 3
- CORS_ORIGIN doesn't support a comma separated value contrary to what's stated in the docs HOT 1
- Add CurrentTime to createRequestParameters HOT 5
- Fix vuln CVE-2023-6237 docker image update HOT 1
- Add x-unleash-proxy-version header to the proxy HOT 3
- openssl:3.1.4-r5/CVE-2024-2511 HOT 2
- Unexpected behavior when isEnabled in Custom Strategy definition has an exception thrown HOT 4
- Disable prometheus endpoint HOT 4
- Return disabled toggles as well on the proxy endpoint HOT 27
- Problem Running on AWS Lambda HOT 17
- Allow configuring the value for httpOptions.rejectUnauthorized via Environment variables HOT 6
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from unleash-proxy.