Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

buttons not working in mounted mode #23

Open
bonesoul opened this issue May 10, 2016 · 12 comments

Comments

@bonesoul
Copy link

commented May 10, 2016

i have mounted agendash to my own application -- it can render stuff all good but i can't reschedule jobs using them as the buttons are not working.

@vziukas

This comment has been minimized.

Copy link
Contributor

commented Jun 30, 2016

Check if 0.3.2 version helps with your issue

@bonesoul

This comment has been minimized.

Copy link
Author

commented Jun 30, 2016

still no luck;

Failed to load resource: the server responded with a status of 403 (Forbidden)

@simison

This comment has been minimized.

Copy link
Member

commented Sep 1, 2016

Same issue here, none of the buttons work when we run:

$(npm bin)/agendash --db=mongodb://localhost/databasename --collection=agendaJobs --port=1081
  • Agendash 0.3.2
  • Agenda 0.9.0
  • MongoDB 3.2.3
  • NodeJS 6.3.1

It shows jobs correctly, though.

To test, just clone our repo:

git clone https://github.com/Trustroots/trustroots.git
cd trustroots
npm install
npm start

Open http://localhost:1081

When clicking "Requeue selected" (or anything else), I get:

Request URL:http://localhost:1081/api/jobs/requeue
Request Method:POST
Status Code:404 Not Found
Remote Address:[::1]:1081

And at terminal:

/PROJCET/node_modules/agenda/node_modules/mongodb/lib/utils.js:98
    process.nextTick(function() { throw err; });
                                  ^

Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:346:11)
    at ServerResponse.header (/PROJCET/node_modules/express/lib/response.js:719:10)
    at ServerResponse.send (/PROJCET/node_modules/express/lib/response.js:164:12)
    at ServerResponse.json (/PROJCET/node_modules/express/lib/response.js:250:15)
    at /PROJCET/node_modules/agendash/lib/middlewares/express.js:28:18
    at /PROJCET/node_modules/agendash/lib/agendash.js:69:9
    at /PROJCET/node_modules/agenda/lib/agenda.js:320:7
    at /PROJCET/node_modules/agenda/node_modules/mongodb/lib/collection.js:1159:32
    at handleCallback (/PROJCET/node_modules/agenda/node_modules/mongodb/lib/utils.js:96:12)
    at /PROJCET/node_modules/agenda/node_modules/mongodb/lib/collection.js:1191:20
@bonesoul

This comment has been minimized.

Copy link
Author

commented Oct 28, 2016

0.4.0 here

Failed to load resource: the server responded with a status of 403 (Forbidden) /api/jobs/requeue

The thing is that i use agendash as mounted. could be related?

@joeframbach

This comment has been minimized.

Copy link
Member

commented Oct 28, 2016

What version of express are you mounting onto?

On Oct 28, 2016 5:21 AM, "Hüseyin Uslu" notifications@github.com wrote:

0.4.0 here

Failed to load resource: the server responded with a status of 403
(Forbidden) /api/jobs/requeue

The thing is that i use agendash as mounted. could be related?


You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#23 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAB7-IeurbAcL7HD5IuiV8tn4PxDXM4Oks5q4ejPgaJpZM4IbeGF
.

@bonesoul

This comment has been minimized.

Copy link
Author

commented Oct 28, 2016

latest express 4

"express": "^4.14.0",

@joeframbach

This comment has been minimized.

Copy link
Member

commented Oct 28, 2016

Does your express app respond to other endpoints? If your express app already has routes like /about, /profile, etc, then attaching Agendash to the root / path might coincide with those other paths.

Where you mount Agendash onto Express like this: app.use('/', Agendash(agenda)), instead use a path prefix that is not used elsewhere, like this: app.use('/dash', Agendash(agenda)).

I have a PR for an update to the readme: #43

@bonesoul

This comment has been minimized.

Copy link
Author

commented Oct 29, 2016

It's already mounted so for me on a unique path.

@joeframbach

This comment has been minimized.

Copy link
Member

commented Oct 29, 2016

The error message says /api/jobs/requeue is forbidden, but you have it
mounted on a unique path, so the expected request should go to
/yourPath/api/jobs/requeue. There may be a broken path.join somewhere, or
your path prefix not being set. I can't reproduce this issue but I will
take a look and see what I can find.

On Oct 29, 2016 5:55 AM, "Hüseyin Uslu" notifications@github.com wrote:

It's already mounted so for me on a unique path.


You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#23 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAB7-PO4mlknhSyZAHQRIu46c4nofPwBks5q40I6gaJpZM4IbeGF
.

@yangchristian

This comment has been minimized.

Copy link

commented Jan 6, 2017

Are you by chance using any CSRF middleware, like csurf? We just ran into this issue on our app, and it seems like Express will require a CSRF token for the mounted agendash paths, but agendash itself won't know to use the middleware. We ended up disabling CSRF protection for the agendash endpoints, but you could also probably reuse the middleware for agendash's Express app. Something like this:

var csrf = require('csurf');
var csrfProtection = csrf({ cookie: true });

// Your app
var myApp = express();
app.use(csrfProtection);

// Agendash app
var agendashApp = Agendash(agenda);
agendashApp.use(csrfProtection);
app.use('/agendash', agendashApp);
@bonesoul

This comment has been minimized.

Copy link
Author

commented Jan 6, 2017

@yangchristian yes i was actually using csurf - how to disable it for agendash?

@yangchristian

This comment has been minimized.

Copy link

commented Jan 6, 2017

Not sure how you're using csurf, but we're using a middleware wrapper that applies protection based on the route. It's something like this (rewritten from our TypeScript so may not compile directly):

var csrfFreeRoutes = [
  new RegExp('^/agendash/api/'), // Whatever your mounted path is
  // new RegExp('^/otherRoutes')
];
function isCsrfFree(path) {
  return !!_.find(csrfFreeRoutes, function(regex) {
    return !!regex.test(path);
  });
}
app.use( function(req, res, next) {
  if (isCsrfFree(req.path)) {
    csrf({ cookie: true })(req,res,next);
  } else {
    next();
  }
});
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
5 participants
You can’t perform that action at this time.