Cross-Origin Request Blocked #48

Closed
Nick-Gottschlich opened this issue Dec 20, 2017 · 19 comments

@Nick-Gottschlich

commented Dec 20, 2017

Hi y'all

Just want to start by saying awesome project you've got going, I'm excited to get this up and running.

I'm trying to get schnack up and running on my homepage which is a static site using gatsbyjs. I've added the script tag (you can see here) to all my blog posts and deployed.

I set up a subdomain at schnack.nickpgott.com (nearlyfreespeech.net is my webhost). I ssh'd in and went to /home/private, git clone'd this repo, went into the folder and did npm install and npm run server. I set up my config.json file too with the necessary stuff.

Then I went to /home/public and copied over the embed.js so it would be accessible at https://schnack.nickpgott.com/embed.js

Now on my site I'm seeing an error

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://schnack.nickpgott.com/comments/The%20Effects%20of%20a%202K%20Liked%20Tweet%20on%20Tril%20DLs. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

image

You can see this too if you pop open the console on one of my blog posts.

I've been looking into CORS stuff a bit to see if I need to configure something on my subdomain's server, but haven't been able to figure it out. I figure I would ask here to see if y'all have any solutions.

One more question too, is there a recommended way to keep the npm run server script running? I'm not sure but I think it will break when the connection between my computer and the subdomain's server is broken.

Thanks in advance, and for all of your hard work on this!

@janpio

Contributor

commented Dec 20, 2017

I am not getting the CORS error but only an OPTIONS request for the comments:
image

Opening the URL manually with GET returns a 404:
https://schnack.nickpgott.com/comments/The%20Effects%20of%20a%202K%20Liked%20Tweet%20on%20Tril%20DLs
https://schnack.nickpgott.com/comments/foo

@Nick-Gottschlich

Author

commented Dec 20, 2017

I think I set up the "page_url" in the config wrong, let me try modifying that.

@Nick-Gottschlich

Author

commented Dec 20, 2017

Updated the config.json to have page_url actually link to my blog posts (and am passing in the right slug from the script). I'm still seeing the fetch to the /comments url from the old config file. Is there something I need to do to reset the server?

Oh I see https://github.com/gka/schnack/blob/master/build/embed.js#L201 <- schnack is actually making a link to schnack.mysite/comments/slug. So do I need to actually set up that directory somehow?

@moklick

Collaborator

commented Dec 20, 2017

Hey Nick. When schnack is up and running you should see an empty page here: https://schnack.nickpgott.com It seems that port 80 doesn't point to 3000 (schnack standard port). You might need to set up port forwarding for that subdomain to port 3000. You don't need to create a folder "comments". That content gets served by the schnack server.

@janpio

Contributor

commented Dec 20, 2017

> Is there something I need to do to reset the server?

Kill and restart it, depending on how exactly you started it.

> schnack is actually making a link to schnack.mysite/comments/slug

host is the hostname of your schnack installation here.

@gka

Member

commented Dec 21, 2017

yep, if schnack is up and running you should get a reply saying {"test":"ok"}, like here:
https://schnack.vis4.net/
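
An added example (not part of the original thread or of schnack's code): the order of checks the replies above suggest, written as a function over two captured responses. It goes slightly beyond the thread by also classifying an origin mismatch; the input shape, the verdict strings and the sample responses are constructed for illustration.

```javascript
// Added example: classify why a browser reports a CORS failure for a
// schnack endpoint, given two responses captured with curl or devtools.
// The input shape and the sample data below are constructed.

// health:     response to GET <schnack_host>/      -> { status, body }
// preflight:  response to OPTIONS .../comments/x   -> { status, headers }
// pageOrigin: origin of the page that embeds embed.js
function diagnoseCors({ health, preflight, pageOrigin }) {
  // 1. Is the reply coming from schnack at all? A running instance
  //    answers GET / with {"test":"ok"} (see the thread).
  let parsed = null;
  try { parsed = JSON.parse(health.body); } catch (_) { /* not JSON */ }
  if (health.status !== 200 || !parsed || parsed.test !== "ok") {
    return "backend-unreachable"; // fix proxy/port first; CORS is a symptom
  }
  // 2. Header names are case-insensitive; normalise before lookup.
  const headers = {};
  for (const [k, v] of Object.entries(preflight.headers)) {
    headers[k.toLowerCase()] = v;
  }
  const allowed = headers["access-control-allow-origin"];
  if (allowed === undefined) return "allow-origin-missing";
  // 3. The browser compares the header with the page's exact origin
  //    (scheme + host + port); "*" matches any origin for requests
  //    sent without credentials.
  if (allowed !== "*" && allowed !== pageOrigin) return "origin-mismatch";
  return "ok";
}

// Constructed samples: a front-end web server answering 404 because no
// proxy forwards to the Node process, and a correctly proxied instance.
const notProxied = {
  health: { status: 404, body: "<html>Not Found</html>" },
  preflight: { status: 404, headers: { "Content-Type": "text/html" } },
  pageOrigin: "https://blog.example",
};
const proxied = {
  health: { status: 200, body: '{"test":"ok"}' },
  preflight: { status: 204,
    headers: { "Access-Control-Allow-Origin": "https://blog.example" } },
  pageOrigin: "https://blog.example",
};

console.log(diagnoseCors(notProxied)); // backend-unreachable
console.log(diagnoseCors(proxied));    // ok
```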

@janpio

Contributor

commented Dec 21, 2017

OT: @Nick-Gottschlich NFSN looks interesting, are you using a tutorial for hosting node there?

@Nick-Gottschlich

Author

commented Dec 21, 2017

@janpio Nope, just winging it. No real idea what I'm doing here ha. If you have any suggestions please let me know I'm eager to learn, I know very little about the back end side of website/server hosting.

@Nick-Gottschlich

Author

commented Dec 26, 2017

OK, I followed this tutorial to get node-js set up: http://www.mopsled.com/2015/run-nodejs-on-nearlyfreespeechnet/

The hello world worked, but I get a (61) Connection refused error when trying schnack. I think it could be an issue with the way I'm proxying:

image

or my config.json file (the ones with xxxxx are how they actually are in the config file, the RETRACTED ones are an actual secret or id):

{
    "schnack_host": "https://schnack.nickpgott.com",
    "page_url": "https://nickpgott.com/blog/%SLUG%",
    "port": 8000,
    "admins": [1],
    "oauth": {
        "secret": "xxxxx",
        "twitter": {
            "consumer_key": "RETRACTED",
            "consumer_secret": "RETRACTED"
        },
        "github": {
            "client_id": "RETRACTED",
            "client_secret": "RETRACTED"
        }
    },
    "notify": {
        "pushover": {
            "app_token": "xxxxx",
            "user_key": "xxxxx"
        },
        "webpush": {
            "vapid_public_key": "RETRACTED",
            "vapid_private_key": "RETRACTED"
        },
        "slack": {
            "webhook_url": "xxxxx"
        }
    },
    "date_format": "MMMM DD, YYYY - h:mm a"
}

So a couple questions:

  • Should I be proxying to the port in the config file? And should that entry be a different port?
  • What is the secret at the beginning of oauth?

Oh, and, Merry Christmas 🎄

@g-div

Member

commented Jan 3, 2018

> Should I be proxying to the port in the config file?

Yes.

> And should that entry be a different port?

Different from... ?

> What is the secret at the beginning of oauth?

It's passed to express-session.

I've updated the README, hope this helps.
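
Since `oauth.secret` is passed to express-session, it is the key that signs the session ID cookie, so a placeholder value such as "xxxxx" should be replaced with a random one. The check below is an added example, not schnack's own code and not from the thread; `checkSessionSecret`, `withFreshSecret`, the 32-character minimum and the sample config are assumptions made here.

```javascript
// Added example (not schnack code): reject a placeholder session secret
// in a schnack-style config.json and produce a random replacement.
const crypto = require("crypto");

const MIN_LENGTH = 32; // assumption: policy chosen for this example

// Returns a list of problems with config.oauth.secret (empty = fine).
function checkSessionSecret(config) {
  const secret = config && config.oauth && config.oauth.secret;
  if (typeof secret !== "string" || secret.length === 0) {
    return ["oauth.secret is missing"];
  }
  const problems = [];
  if (secret.length < MIN_LENGTH) {
    problems.push(`oauth.secret is shorter than ${MIN_LENGTH} characters`);
  }
  // Values such as "xxxxx" contain very few distinct characters.
  if (new Set(secret).size < 8) {
    problems.push("oauth.secret looks like a placeholder");
  }
  return problems;
}

// Returns a copy of the config with a fresh 256-bit secret, hex encoded.
// The input object is left untouched.
function withFreshSecret(config) {
  const secret = crypto.randomBytes(32).toString("hex");
  return { ...config, oauth: { ...config.oauth, secret } };
}

// Constructed sample mirroring the shape of the config in the thread.
const sample = {
  schnack_host: "https://schnack.example",
  port: 3000,
  oauth: { secret: "xxxxx", github: { client_id: "REDACTED" } },
};

console.log(checkSessionSecret(sample));
console.log(checkSessionSecret(withFreshSecret(sample)));
```

Changing the secret invalidates cookies signed with the old one, so existing sessions have to log in again.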

@Nick-Gottschlich

Author

commented Jan 3, 2018

@g-div What I mean is what port should I be using? Can I just pick any port (like 8000) or does schnack require a specific port to be used?

@janpio

Contributor

commented Jan 3, 2018

schnack "locally" can run on any port, most systems allow x000+ for this. Then you normally bind public port 80 to it so that it is available directly via its domain. (probably wrong or not exact words, but I hope you get what it means)

@Nick-Gottschlich

Author

commented Jan 5, 2018

@janpio sorry, I'm a little confused by what you mean. I have figured out that if I run my run.sh script and then do a curl localhost:3000 I get the correct {"test":"ok"} response (I changed the port to 3000 in the config)

image

So I have to somehow bind the public facing port 80 to the internally facing port 3000? Which I can set up on the actual server somehow or possibly in the config settings in the nearlyfreespeech.net panel for my site?

@janpio

Contributor

commented Jan 6, 2018

Config setting on NFS. Probably: Login -> Sites -> Click the site -> Scroll down -> Add a proxy -> "Target Port" = 3000 -> "Add Proxy". But untested for now ;)

@Nick-Gottschlich

Author

commented Jan 6, 2018

image

I have this proxy running but I still get this error:

image

Gonna play around with the proxy settings for a while and see what happens.

@Nick-Gottschlich

Author

commented Jan 6, 2018

> schnack@0.1.3 server /home/protected/schnack
> NODE_ENV=development nodemon index.js

^[[33m[nodemon] 1.12.1^[[39m
^[[33m[nodemon] to restart at any time, enter `rs`^[[39m
^[[33m[nodemon] watching: *.*^[[39m
^[[32m[nodemon] starting `node index.js`^[[39m
server listening on 3000
events.js:160
      throw er; // Unhandled 'error' event
      ^

Error: SQLITE_READONLY: attempt to write a readonly database
    at Error (native)
^[[31m[nodemon] app crashed - waiting for file changes before starting...^[[39m

Okay, found my way into the logs, looks like I might have to somehow set up permissions so that schnack can write to the SQLITE database. I'm gonna try giving additional permissions to the run.sh file (chmod +rwx run.sh).

@Nick-Gottschlich

Author

commented Jan 8, 2018

Okay, I did chmod 777 comments.db and chmod 777 sessions.db and now it's up and running! https://schnack.nickpgott.com/

I kind of feel like that's way too many permissions to be giving out. I don't really get how Linux permissions work, so if anyone has any advice that would be much appreciated.

Now I see this on my blog posts:

image

Authentication seems to be having some errors:

Twitter gets this:

image

Error: Could not authenticate you.
    at Strategy.parseErrorResponse (/home/protected/schnack/node_modules/passport-twitter/lib/strategy.js:202:14)
    at Strategy.OAuthStrategy._createOAuthError (/home/protected/schnack/node_modules/passport-oauth1/lib/strategy.js:393:16)
    at /home/protected/schnack/node_modules/passport-oauth1/lib/strategy.js:244:41
    at /home/protected/schnack/node_modules/oauth/lib/oauth.js:543:17
    at passBackControl (/home/protected/schnack/node_modules/oauth/lib/oauth.js:397:13)
    at IncomingMessage.<anonymous> (/home/protected/schnack/node_modules/oauth/lib/oauth.js:409:9)
    at emitNone (events.js:91:20)
    at IncomingMessage.emit (events.js:185:7)
    at endReadableNT (_stream_readable.js:974:12)
    at _combinedTickCallback (internal/process/next_tick.js:80:11)

and GitHub gets this:

image

I also noticed a problem where I have to actually be on the page of the blog post and refresh to get the comments working. That probably has to do with the static/react nature of my website, I'll probably need to set up some kind of watcher to check for scripts to run on every page change.

but hey, progress!
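
On the permissions question in the comment above: SQLite needs write access to the database file and to the directory that holds it (it creates its journal file next to the database), but only for the account that runs schnack. The following is an added example, not from the thread or the schnack project; it assumes the server process runs as the owner of the files, and the function names are made up here.

```javascript
// Added example (not schnack code): replace chmod 777 on the SQLite
// files with owner-only access. Assumes the process that runs schnack
// owns the files; function names and the demo directory are illustrative.
const fs = require("fs");
const os = require("os");
const path = require("path");

const DB_FILES = ["comments.db", "sessions.db"]; // names from the thread

// Permission bits of a path as an octal string such as "777".
function modeOf(p) {
  return (fs.statSync(p).mode & 0o777).toString(8);
}

// Lists database files that grant any access to group or others.
function findLoosePermissions(dir) {
  return DB_FILES
    .map((name) => path.join(dir, name))
    .filter((p) => fs.existsSync(p))
    .filter((p) => (fs.statSync(p).mode & 0o077) !== 0);
}

// Owner read/write on the files; owner rwx on the directory so SQLite
// can still create its journal file next to the database.
function tighten(dir) {
  const changed = findLoosePermissions(dir);
  for (const p of changed) fs.chmodSync(p, 0o600);
  fs.chmodSync(dir, 0o700);
  return changed.map((p) => path.basename(p));
}

// Constructed demo in a temporary directory, reproducing chmod 777.
function demo() {
  const dir = fs.mkdtempSync(path.join(os.tmpdir(), "schnack-perm-"));
  for (const name of DB_FILES) {
    const p = path.join(dir, name);
    fs.writeFileSync(p, "");
    fs.chmodSync(p, 0o777);
  }
  const changed = tighten(dir);
  const modes = DB_FILES.map((n) => modeOf(path.join(dir, n)));
  fs.accessSync(path.join(dir, "comments.db"), fs.constants.W_OK);
  fs.rmSync(dir, { recursive: true, force: true });
  return { changed, modes };
}

console.log(demo());
```

If the server runs under a different account than the one that owns the files, share them through a common group with 660 on the files and 770 on the directory instead of opening them to every user on the host.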

@g-div

Member

commented Jan 10, 2018

Did you correctly configure the callback URLs on GitHub and Twitter? Do you use the right client_id and client_secret? Check your configuration and if you still think this is a schnack bug, feel free to open another specific issue about your authentication problems. I will close this one to avoid going off-topic.

@g-div g-div closed this Jan 10, 2018

@poVoq

commented Apr 20, 2019

I am trying to embed Schnack on a Blogger page and have also run into what appears to be a CORS issue. Schnack returns test:ok fine (running on Phusion Passenger via Plesk) and embedding it on a page with the same main domain seems to work.

But on my blogspot.com blog (or any other different domain) I get a browser error:
SecurityError: The operation is insecure. (Firefox)

Anyone had luck with a similar setting? I am still new to this kind of CORS stuff, so maybe I am overlooking something obvious. Thanks!
