-
Notifications
You must be signed in to change notification settings - Fork 52
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable CORS access to EdgeX microservices #281
Enable CORS access to EdgeX microservices #281
Comments
For future reference, the current implementation of API gateway is based on KONG. From the document it seems KONG has limited support to enable CORS/cross-origin resource sharing. |
A quick verification/band aid style fix is to run Curl command against KONG. Here is the command that may work:
|
If anyone else is looking for a solution to this, simply using Additionally, you will need to configure the
|
Example utility for CORS from Intel reference implementation We might be able to handle this in the middleware for REST |
Discussed in Core WG meeting 5/13/21. To be done for Jakarta release. Looking at whether there is common code (such as in bootstrapping) or if this needs to be added to edgex-go, SDKs (and associated services) separately as part of the request handling process. For Kong, we'll need to add the Kong plugin (https://docs.konghq.com/hub/kong-inc/cors/) - again for Jakarta |
It was decided in Security WG on 9/15/2021 that the project wants CORS support to be enabled even in the non-security use case. Persuant to this direction, we want to back out the changes for edgexfoundry/edgex-go#1913 and re-implement them in the EdgeX middleware instead of in Kong. As such, we will back out commit edgexfoundry/edgex-go@25b03d0 of PR edgexfoundry/edgex-go#3678 The following configuration options should be added to the service to control the CORS headers:
Actual real-life example from a Kong user:
|
Reverts #3678 due to strategy change. See #1913. It was decided to move CORS functionality to the microservice level so that it can be applied both in the security-enabled as well as security-disabled states. Signed-off-by: Bryon Nevis <bryon.nevis@intel.com>
Middleware implementation should be done in https://github.com/edgexfoundry/go-mod-bootstrap and in C SDK |
More details on the proposed implementation.
|
@cloudxxx8 please take a look at the amount of work here |
it's not hard to add this implementation, but we need more time to test it manually |
On Core WG call we agreed to add PATCH to the CORSAllowedMethods i.e. CORSAllowedMethods = "GET, POST, PUT, PATCH, DELETE" @cloudxxx8 and team, please aim to complete in the next week if possible |
Reopening the issue because I realized that we're not done. There is actually logic we need to implement on the server side. https://www.html5rocks.com/en/tutorials/cors//#toc-cors-server-flowchart Also need to set "Vary: Origin" when supporting CORS. Note that the consul API does not currently expose CORS headers. There was a PR to add the feature, though it is pretty low-level: https://github.com/hashicorp/consul/pull/558/files |
@jpwhitemn @lenny-intel we might need to postpone the code freeze date for this issue |
Waiting for edgexfoundry/edgex-docs#608 |
Issue has been resolved, but believe just Docs work to be done. Per TSC 11/10/21 - close this |
Hello,
馃殌 Feature Request
Relevant Package
This feature request is for the API Gateway
Description
The Edgex components are exposed through REST APIs and those services are usually called from a UI running on a browser. Most browser prevent calls to services at a different origin (CORS) thus making it difficult the interactions with services like Edgex.
There are basically 2 ways to solve the CORS issue. The first one is on the client side (UI application) by using a proxy server. Unfortunately this solution is static and need to know before hand the back end servers.
The second option is to enable the backend server to allow CORS.
Describe the solution you'd like
Currently I have been bypassing this issue by using a proxy server at the client site. However, this solution is not working due to the nature of IoT projects and solutions. The IoT solutions tend to be very dynamic and in my specific example, the number of instances where the Edgex framework is deployed is dynamic and can change. That makes the proxy option irrelevant as that solution is static.
So, the preferred solution will be to allow the user to enable/disable CORS as desired on the API Gateway. That will allow calling the API from UI clients without requiring to use a proxy.
Describe alternatives you've considered
As described above, I am already using a proxy solution but it only works for a static number of Edgex installations.
Thanks in advance,
Marcelo
The text was updated successfully, but these errors were encountered: