webui broken?

[jbenet]

can't use the webui in 0.3.8 -- looks like some permission errors-- others seeing this?

[victorb]

Seeing this on go-ipfs/0.3.9-dev too

[whyrusleeping]

Hrm, its working fine on my machine... (not that that means much).

@victorbjelkholm your issues look like CORS problems, which is definitely strange.

@jbenet what problems were you seeing? what do you mean by 'cant use the webui' does it not load? do things not come up?

[victorb]

@whyrusleeping it's definitely not a CORS problem. First, the requests happen from one domain, to the same domain but different path. Also, get the same response using cURL.

None of the pages is working since every single request except the static resources returns a 403 forbidden.

To add some debug information, I'm accessing the webui on a different machine, not on my local machine, if that could be the issue.

This is how the UI is broken with the forbidden requests:

[whyrusleeping]

To add some debug information, I'm accessing the webui on a different machine, not on my local machine, if that could be the issue.

Are you running it with the CORS headers set correctly for that machine? by default the api requests the webui uses can only be made from the localhost, in your setup (accessing from a different machine) those calls would be made from your browser (on a different machine/host).

[victorb]

@whyrusleeping I'm not supposed to have to set the Origin header of CORS if the requests are made to/from the same domain. It's only supposed to reject the request if CORS headers are missing and the request is to/from different domains/subdomains/ports.

Seems like the API that the webui is using is unnecessary restrictive. Looks like the request is invalid if I set the Refer header, even if the Refer is the same as the actual host the daemon is running on. Without any headers at all, I can perfectly fine access the API. With Refer header set to anything, the request results in 403.

[jbenet]

@victorbjelkholm i think you're right.

[jbshirk]

I stopped using the webui before updating to 0.3.8 because i couldn't use it to add assets, list peers, and after a while it stopped listing new assets, etc, but it least it showed me my correct id and the assets I had initially added a month or more ago.

I emphasize that from the shell, I can add assets, list assets, list swarm peers, but for some reason, only assets added before a certain date (on or shortly after Oct 20) appear on the webui files list.

Maybe/maybe not relevant:
I discovered this after noticing that new adds take a long long time to get out to the ipfs net, timing out with this message:
Path Resolve error: context deadline exceeded

But again, they do eventually make it.

[jbshirk]

[jbshirk]

Ah excuse me, I just realized that QmS2HL9v5YeKgQkkWMvs1EMnFtUowTEdFfSSeMT4pos1e6 is the webui hash, not anything to do with my ID. This is subtracted from the mystery AFAIAC, and I have revised the above to one single legitimate issue, that is, the webui displays, but is not getting an updated file list, in addition to the already noted issue of showing no ID, peers, etc.

[MichaelMure]

I had the same problem, and after adding http://127.0.0.1 and http://127.0.0.1:5001 in API.HTTPHeaders Access-Control-Allow-Origin, the webui finally load fully and works correctly.

I'd say it should be added as default.

[daviddias]

@MichaelMure I believe that is because only 'localhost:5001' is whitelisted to bypass CORS

[MichaelMure]

I think someone can close this one as #2021 got merged.