API: Allow CORS API requests no matter what FQDN the UI is hosted on #441
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
agpituk
requested changes
Nov 27, 2024
aittalam
reviewed
Nov 27, 2024
peteski22
force-pushed
the
api/allow-all-origins
branch
from
cd952b3 to
7a2db88
Compare
aittalam
approved these changes
Nov 29, 2024
agpituk
approved these changes
Nov 29, 2024
|
Thanks for all the changes! looks good!! :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
What's changing
This PR changes the backend API configuration to allow setting the CORS allowed origins that are accepted. It also defaults to
http://localhostandhttp://localhost:3000when nothing is configured.Previously it was limited to only accepting requests from the UI when it the UI is hosted via HTTP on
localhostports80or3000.How to test it
gh pr checkout 4411. No environment variable set
This example starts Lumigator with no env var configured, the default will be used.
make local-upcd lumigator/frontendnpm installnpm run devOpen
http://127.0.0.1:3000in a browser and the health check (top right) should reportOK(no errors shown, no errors in the developer tools network tab/console).Also the logs in the backend container will show:
2. Configure local environment variable
This example starts Lumigator specifying a list of allowed origins that should be used.
LUMI_API_CORS_ALLOWED_ORIGINS="http://localhost:8080" make local-up(note: you can also use
LUMI_API_CORS_ALLOWED_ORIGINS="*" make local-upto allow all)cd lumigator/frontendnpm installnpm run buildcd distnpx http-serverOpen
http://127.0.0.1:8080in a browser and the health check (top right) should reportOK(no errors shown, no errors in the developer tools network tab/console).Also the logs in the backend container will show:
3. Configure environment variable without required origin
This example starts Lumigator, specifying allowed origins, but NOT the one for
8080which is required for our test UI to work.LUMI_API_CORS_ALLOWED_ORIGINS="http://localhost:9999" make local-upcd lumigator/frontendnpm installnpm run buildcd distnpx http-serverOpen
http://127.0.0.1:8080in a browser and the health check (top right) should fail.Also the logs in the backend container will show:
Additional notes for reviewers
The UI is hosted on
8080in this example, which means a CORS pre-flight OPTIONS request will be sent to the backend asking if it allows cross-domain requests from 'http://localhost:8080' (the scheme+host+port are important to CORS).Previously only
http://localhost:80andhttp://localhost:3000were allowed so the UI would fail to make requests to the API to get health status, datasets etc. but now it works.I already...