The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include' #431

Closed
pietervogelaar opened this Issue Nov 9, 2017 · 5 comments

pietervogelaar commented Nov 9, 2017

In the Google Chrome console tab I often see this:

Failed to load https://tst-stackstorm-api.example.org/api/v1/stream?x-auth-token=c164dc91744....12360885: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. Origin 'https://tst-stackstorm.example.org' is therefore not allowed access.

Any idea what goes wrong?

Member

enykeev commented Nov 9, 2017

What version of st2 are you running? We're returning proper header since 2.4.0 (https://github.com/StackStorm/st2/pull/3566/files#diff-a6954074582e3673f29108445f4b5310R77). If you're using a proxy of some kind, please make sure the header propagates properly.

pietervogelaar commented Nov 9, 2017

Version 2.4.1.

Apache is used as reverse proxy:

# ************************************
# Vhost template in module puppetlabs-apache
# Managed by Puppet
# ************************************

<VirtualHost *:80>
  ServerName stackstorm

  ## Vhost docroot
  DocumentRoot "/opt/stackstorm/static/webui"
  ## Alias declarations for resources outside the DocumentRoot
  Alias /job-monitor "/opt/applications/job-monitor"

  ## Directories, there should at least be a declaration for /opt/stackstorm/static/webui

  <Directory "/opt/stackstorm/static/webui">
    Options
    AllowOverride All
    Require all granted
  </Directory>

  ## Logging
  ErrorLog "/var/log/httpd/stackstorm_error.log"
  ServerSignature Off
  CustomLog "/var/log/httpd/stackstorm_access.log" combined

  ## Request header rules
  ## as per http://httpd.apache.org/docs/2.2/mod/mod_headers.html#requestheader
  RequestHeader set X-Forwarded-Proto "http"

  ## Proxy rules
  ProxyRequests Off
  ProxyPreserveHost Off
  ProxyPass /job-monitor/fetchJobViews http://127.0.0.1:5000/fetchJobViews
  ProxyPassReverse /job-monitor/fetchJobViews http://127.0.0.1:5000/fetchJobViews
  ## Rewrite rules
  RewriteEngine On

  #Force HTTPS
  RewriteCond %{HTTP:X-Forwarded-Proto} !https
  RewriteRule (.*) https://tst-stackstorm.example.org%{REQUEST_URI} [R=301,L]


  ## Server aliases
  ServerAlias *
</VirtualHost>

pietervogelaar commented Nov 9, 2017

This is only the GUI. StackStorm itself runs on a separate server with Nginx as reverse proxy.

The response headers are:

Access-Control-Allow-Headers:Content-Type,Authorization,X-Auth-Token,St2-Api-Key,X-Request-ID
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:https://tst-stackstorm.example.org
Access-Control-Expose-Headers:Content-Type,X-Limit,X-Total-Count,X-Request-ID
Connection:close
Content-Type:text/event-stream; charset=UTF-8
Date:Thu, 09 Nov 2017 10:21:10 GMT
Server:nginx/1.10.1
X-Content-Type-Options:nosniff
X-Request-ID:917f704c-f027-......d8d84c
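
The browser-side check behind the console error in this thread, applied to the response headers pasted above. This is an added example, not StackStorm or st2web code; the function names `parseHeaders` and `corsCheck` are illustrative, and the logic follows the CORS check in the Fetch standard.

```javascript
// Added example: the CORS check a browser applies to a cross-origin response,
// following the Fetch standard. Function names are illustrative.

// CORS-relevant response headers as pasted in the thread.
const pastedHeaders = `Access-Control-Allow-Headers:Content-Type,Authorization,X-Auth-Token,St2-Api-Key,X-Request-ID
Access-Control-Allow-Methods:GET,POST,PUT,DELETE,OPTIONS
Access-Control-Allow-Origin:https://tst-stackstorm.example.org
Access-Control-Expose-Headers:Content-Type,X-Limit,X-Total-Count,X-Request-ID
Content-Type:text/event-stream; charset=UTF-8`;

// Parse "Name:value" lines; header names are case-insensitive, so lower-case them.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const idx = line.indexOf(":");
    if (idx > 0) headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

// credentialsMode is the request's mode: "omit", "same-origin" or "include".
function corsCheck(headers, requestOrigin, credentialsMode) {
  const withCreds = credentialsMode === "include";
  const allowOrigin = headers.get("access-control-allow-origin");
  if (allowOrigin === undefined) return { ok: false, reason: "no Access-Control-Allow-Origin" };
  if (!withCreds && allowOrigin === "*") return { ok: true, reason: "wildcard, no credentials" };
  // With credentials the origin must match byte for byte; "*" is not accepted.
  if (allowOrigin !== requestOrigin) return { ok: false, reason: "origin not allowed" };
  if (!withCreds) return { ok: true, reason: "origin allowed" };
  // The value must be exactly "true" (case-sensitive); an absent header reads as ''.
  const allowCreds = headers.get("access-control-allow-credentials") ?? "";
  if (allowCreds === "true") return { ok: true, reason: "origin and credentials allowed" };
  return { ok: false, reason: `Access-Control-Allow-Credentials is '${allowCreds}', must be 'true'` };
}

const origin = "https://tst-stackstorm.example.org";
const asPasted = parseHeaders(pastedHeaders);
// The same response with the credentials header present (constructed for comparison).
const withHeader = parseHeaders(pastedHeaders + "\nAccess-Control-Allow-Credentials:true");

console.log(corsCheck(asPasted, origin, "include"));
console.log(corsCheck(asPasted, origin, "same-origin"));
console.log(corsCheck(withHeader, origin, "include"));
```

Running the same check on headers captured on each side of a reverse proxy shows whether the header is missing at the API or dropped in transit.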

pietervogelaar commented Nov 9, 2017

I see now that the installed st2 package is version 2.3.2, so I will look into that.. thanks!

pietervogelaar commented Nov 9, 2017

I can confirm that the problem is solved with 2.4.1.
