Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SSE extension response does not return "Access-Control-Allow-Origin" cause cors #773

Closed
jibenliu opened this issue May 10, 2023 · 6 comments
Closed

SSE extension response does not return "Access-Control-Allow-Origin" cause cors #773

jibenliu opened this issue May 10, 2023 · 6 comments
Labels
question Further information is requested

Comments

@jibenliu
Copy link

jibenliu commented May 10, 2023
edited
Loading

Describe the Question

curl OPTIONS request return 204 http code, but when stream begin return no header about "Access-Control-Allow-Origin"

Reproducible Code

I have used cors middleware

func Cors() app.HandlerFunc {
	return cors.New(cors.Config{
		AllowAllOrigins: *,
		AllowMethods: []string{
			"GET", "POST", "PUT", "PATCH", "DELETE", "HEAD", "OPTIONS",
		},
		AllowHeaders: []string{
			"Content-Type",
			"Authorization",
			"X-Token",
			"Refer",
			"Origin",
			"Zy-Cookie",
		},
		ExposeHeaders: []string{
			"Content-Length",
			"Access-Control-Allow-Origin",
			"Access-Control-Allow-Headers",
			"Access-Control-Request-Headers",
			"Access-Control-Expose-Headers",
			"Content-Type",
			"Zy-Cookie",
		},
		AllowCredentials: true,
		MaxAge:           12 * time.Hour,
	})
}

OPTIONS curl request info

curl -v --location --request OPTIONS 'http://localhost:8888/api/conversation/question/sse' -H 'Origin: http://localhost:3000'
*   Trying 127.0.0.1:8888...
* Connected to localhost (127.0.0.1) port 8888 (#0)
> POST /api/conversation/question/sse HTTP/1.1
> Host: localhost:8888
> Accept: */*
> Accept-Encoding: deflate, gzip
> sec-ch-ua: "Google Chrome";v="113", "Chromium";v="113", "Not-A.Brand";v="24"
> Content-Type: application/json
> Referer: http://localhost:63342/
> Zy-Cookie: my-session=MTY4MzY5MjIzNHxOd3dBTkZaUFRWZEVNMEZQV2pST1NVNUxURXRGUWpSVFNUWkVVa1pOVUV4S1dqVmFXalZTV2pJeldrbElRakpRUWsxVVNrVktTRUU9fC4PQANe3O3pQT7uPhzwJn_geCfbp_uHe28NeQ7Y8kPI
> sec-ch-ua-mobile: ?0
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
> sec-ch-ua-platform: "macOS"
> Content-Length: 16
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 204 No Content
< Server: nginx/1.23.2
< Date: Wed, 10 May 2023 03:09:30 GMT
< Connection: keep-alive
< Access-Control-Allow-Headers: Content-Type,Authorization,X-Token,Refer,Origin,Zy-Cookie
< Access-Control-Max-Age: 43200
< Vary: Origin
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS
< Access-Control-Allow-Origin: http://localhost:3000

POST request curl info

curl -v 'http://localhost:8888/api/conversation/question/sse' \
  -H 'sec-ch-ua: "Google Chrome";v="113", "Chromium";v="113", "Not-A.Brand";v="24"' \
  -H 'Content-Type: application/json' \
  -H 'Referer: http://localhost:63342/' \
  -H 'Zy-Cookie: my-session=MTY4MzY5MjIzNHxOd3dBTkZaUFRWZEVNMEZQV2pST1NVNUxURXRGUWpSVFNUWkVVa1pOVUV4S1dqVmFXalZTV2pJeldrbElRakpRUWsxVVNrVktTRUU9fC4PQANe3O3pQT7uPhzwJn_geCfbp_uHe28NeQ7Y8kPI' \
  -H 'sec-ch-ua-mobile: ?0' \
  -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36' \
  -H 'sec-ch-ua-platform: "macOS"' \
  --data-raw '{"input":"xxxx"}' \
  --compressed
*   Trying 127.0.0.1:8888...
* Connected to localhost (127.0.0.1) port 8888 (#0)
> POST /api/conversation/question/sse HTTP/1.1
> Host: localhost:8888
> Accept: */*
> Accept-Encoding: deflate, gzip
> sec-ch-ua: "Google Chrome";v="113", "Chromium";v="113", "Not-A.Brand";v="24"
> Content-Type: application/json
> Referer: http://localhost:63342/
> Zy-Cookie: my-session=MTY4MzY5MjIzNHxOd3dBTkZaUFRWZEVNMEZQV2pST1NVNUxURXRGUWpSVFNUWkVVa1pOVUV4S1dqVmFXalZTV2pJeldrbElRakpRUWsxVVNrVktTRUU9fC4PQANe3O3pQT7uPhzwJn_geCfbp_uHe28NeQ7Y8kPI
> sec-ch-ua-mobile: ?0
> User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/113.0.0.0 Safari/537.36
> sec-ch-ua-platform: "macOS"
> Content-Length: 16
> 
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Date: Wed, 10 May 2023 04:24:28 GMT
< Content-Type: text/event-stream
< Cache-Control: no-cache
< Transfer-Encoding: chunked
< 
data:{"code":200,"msg":"delta","data":{"index":0,"content":"I"}}
...

Expected behavior

POST response should return Access-Control-Allow-Origin: http://localhost:3000

Hertz version:

v0.6.2
@li-jin-gou li-jin-gou added the question Further information is requested label May 10, 2023
@li-jin-gou
Copy link
Member

cc @FGYFFFF

@rogerogers
Copy link
Contributor

It looks like the POST request does not have an origin header.

@li-jin-gou
Copy link
Member

@jibenliu Can you add the code of how the middleware is used?

such as or other method?

engine.Use(cors.New())

@jibenliu
Copy link
Author

@jibenliu Can you add the code of how the middleware is used?

such as or other method?

engine.Use(cors.New())

Router.Use(middleware.Cors())
...
customizedRegister(Router) //which is generated by hertz command  hz update -idl idl/XXX.proto

@li-jin-gou
Copy link
Member

@jibenliu
The POST request does not carry the Origin header because of this?
image

@li-jin-gou
Copy link
Member

It looks like the POST request does not have an origin header.

cool @rogerogers

@rogerogers rogerogers mentioned this issue Aug 8, 2023
Closed
3 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
question Further information is requested
Milestone
No milestone
Development

No branches or pull requests
3 participants
@rogerogers @jibenliu @li-jin-gou