Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Service Bus] ServiceBusAdministrationClient Browser requests do not work unless web security is disabled #4983

Closed
ramya0820 opened this issue Sep 4, 2019 · 17 comments
Closed

[Service Bus] ServiceBusAdministrationClient Browser requests do not work unless web security is disabled #4983

ramya0820 opened this issue Sep 4, 2019 · 17 comments
Labels
Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved. Service Bus

Comments

@ramya0820
Copy link
Member

ramya0820 commented Sep 4, 2019
edited
Loading

The ATOM management API currently don't work in the browser unless web security is disabled.

  • This is due to a CORS policy error and it looks like the response headers are not being set properly.
    Specifically -> Access-Control-Allow-Origin
  • For requests that go via the Azure Portal, this gets set to https://ms.portal.azure.com by the service.
  • More investigation is needed by service team; we may need a plan and security threat analysis to address the changes required for this implementation to work in browser for our users.
@ramya0820 ramya0820 added Client This issue points to a problem in the data-plane of the library. Service Bus labels Sep 4, 2019
@ramya0820 ramya0820 mentioned this issue Sep 4, 2019
Merged
@ramya0820 ramya0820 self-assigned this Sep 5, 2019
@ramya0820 ramya0820 removed their assignment Oct 4, 2019
@ramya0820
Copy link
Member Author

Closing as service side team is informed and engaged

@ramya0820
Copy link
Member Author

ramya0820 commented Jan 14, 2020
edited
Loading

Re-opening this as this affects our ability from SDK side - since an end to end browser sample using this feature would work only if web security is disabled in the browser.

Once we have updates from service side, we can use this issue to track investigation/efforts to update/add sample possibly

cc @AlexGhiondea @ramya-rao-a

@ramya0820 ramya0820 reopened this Jan 14, 2020
@ramya-rao-a ramya-rao-a added this to the [2020] October milestone Sep 14, 2020
@HarshaNalluru
Copy link
Member

Error seen in the browser

Access to XMLHttpRequest at 'https://<namespace>.servicebus.windows.net/<queue>?api-version=2017-04' from origin 'http://localhost:1234' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

@HarshaNalluru
Copy link
Member

Talked to @sadasant on this.

Thoughts after the discussion:
Ideally, the service should provide an option to the users to set the CORS policy on the namespace similar to what storage does.
image
https://docs.microsoft.com/en-us/rest/api/storageservices/Cross-Origin-Resource-Sharing--CORS--Support-for-the-Azure-Storage-Services?redirectedfrom=MSDN

For testing, we can continue with --disable-web-security flag in karma conf until the service supports enabling CORS rules.

@ramya-rao-a
Copy link
Contributor

What affect does this have on users writing web applications? Is the problem only when they try to add tests for their code?

@HarshaNalluru
Copy link
Member

Anybody who's trying to use ServiceBusAdministrationClient directly through the browsers would run into this issue(blocked request), not just testing.
If the service lets users manage/enable CORS rules or allow all the origins by default(*), this issue will be resolved.
Another option is to launch the browser by providing a flag to disable web security, which is not ideal since it is not as secure.

@ramya-rao-a
Copy link
Contributor

Ok, lets document this in the readme for now and then work with the service team in the coming months to see how best to fix this

@HarshaNalluru HarshaNalluru mentioned this issue Nov 6, 2020
Merged
ghost pushed a commit that referenced this issue Nov 10, 2020
@HarshaNalluru
[Service Bus] Mention "CORS not supported" in readme (#12341)
8a96b00 
### Issue #4983
@ramya-rao-a ramya-rao-a modified the milestones: [2020] December, Backlog Nov 10, 2020
@abdou89
Copy link

abdou89 commented Mar 27, 2021

Hello team !
is there a fix to the CORS error yet ? i'm currently working on a app that uses the service bus sdk and make calls from the browser but i'm stuck on this , disabling web security is not an option for me ..thanks !

@ramya-rao-a
Copy link
Contributor

Hey @abdou89

No updates yet. We will be revisiting this in the next few months and follow up with the service team on next steps

@TyreeceSimpson
Copy link

TyreeceSimpson commented Oct 5, 2021
edited
Loading

Hey team,
Is there any update on this as I am in the same position as @abdou89?

@ramya-rao-a
Copy link
Contributor

Hey @TyreeceSimpson

This would require a change from the service side and we don't have an ETA on that. We will try and get this out of their backlog and update this thread if there is any progress

@ramya-rao-a ramya-rao-a added the feature-request This issue requires a new behavior in the product in order be resolved. label Oct 5, 2021
@Jose-27
Copy link

Jose-27 commented Oct 19, 2021

Hey @TyreeceSimpson

I am not sure if this applies to @azure/cosmos, but I am facing the same issue regarding CORS in the browser.
Endpoint: <https://{dbname}.documents.azure.com:443
Key=<******>
const client = new CosmosClient({ endpoint, key });

Any updates so far?

@TyreeceSimpson
Copy link

@Jose-27

Unfortunately I'm still a bit stuck on this. The only solution that I have seen mentioned is have a proxy between the two.

@ramya-rao-a
Copy link
Contributor

@Jose-27 The npm package for cosmos has a section on CORS which then links to Configure Cross-Origin Resource Sharing for Cosmos. If things still don't work, please log a new issue. This issue here is for tracking the problem for Service Bus

@jeremymeng jeremymeng mentioned this issue Sep 28, 2022
Open
@hybridtechie
Copy link

Facing the same issue. Any updates on this? @ramya-rao-a

@jeremymeng
Copy link
Contributor

@hybridtechie if you are using the ServiceBusAdministrationClient from @azure/service-bus package, there is no update from the service team on this. If you are using other packages please log a new issue.

@jeremymeng jeremymeng changed the title [Service Bus] Browser requests do not work unless web security is disabled [Service Bus] ServiceBusAdministrationClient Browser requests do not work unless web security is disabled Apr 25, 2023
@github-actions GitHub Actions
Copy link

Hi @ramya0820, we deeply appreciate your input into this project. Regrettably, this issue has remained inactive for over 2 years, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.

@github-actions github-actions bot closed this as not planned Won't fix, can't repro, duplicate, stale Mar 22, 2024
@github-actions github-actions bot locked and limited conversation to collaborators Mar 22, 2024
@xirzec xirzec removed this from the Backlog milestone May 7, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
Client This issue points to a problem in the data-plane of the library. feature-request This issue requires a new behavior in the product in order be resolved. Service Bus
Projects
Azure SDK for Service Bus
Status: Done
Milestone
No milestone
Development

No branches or pull requests
9 participants
@xirzec @Jose-27 @hybridtechie @jeremymeng @HarshaNalluru @ramya-rao-a @abdou89 @TyreeceSimpson @ramya0820