• Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: UI


      Trying to align Aspera Addon on last 11.4.X (11.4.42), using WEB-UI nuxeo-web-ui-3.1.0-rc.9. We are facing a CORS issue locally.
      As reminder Asper addon will use Aspera Connect JS Client and will load the JS files from http://d3gcli72yxqn2z.cloudfront.net/connect_3_9_9_177872_ga/.
      But on Nuxeo 11.4.42 we got a Cors errors in the browser console:

      Access to fetch at 'http://d3gcli72yxqn2z.cloudfront.net/connect_3_9_9_177872_ga/v4/asperaweb-4.min.js?ts=1607337645230' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

      I tried to add the Nuxeo Cors configuration:

      <?xml version="1.0"?>
      <component name="org.nuxeo.ecm.platform.ui.web.cors.dev.aspera">
        <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService" point="corsConfig">
          <corsConfig name="Aspera" allowOrigin="http://d3gcli72yxqn2z.cloudfront.net http://d3gcli72yxqn2z.cloudfront.net/connect_3_9_9_177872_ga http://d3gcli72yxqn2z.cloudfront.net/connect_3_9_9_177872_ga/v4" 
                        supportedHeaders="*" allowSubdomains="true" supportedMethods="GET,HEAD,OPTIONS,POST,PUT,DELETE" supportsCredentials="true">
      • And even with allowOrigin="* :
        <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService" point="corsConfig">
            <corsConfig name="Aspera" allowOrigin="*" supportedMethods="GET,HEAD,OPTIONS,POST,PUT,DELETE" >

      But We got the same error. I tried to debug Platform side and I saw that we use com.thetransactioncompany.cors.CORSFilter and from what I saw we will be in the case CORSFilter. In this case the http response is not updated and I didn't see any Http response related to Cors: Access-Control-Allow-Origin, Access-Control-Allow-Methods doesn't exists in http header response.


      After a discussion with Nelson, he explained that the issue is related to the way that we handle the service worker On WEB UI.

      To fix the issue temporarly we can:

      • Clear sw explicitly in Application tab of the dev tool of the browser
      • Clear browser cache.





            • Assignee:
              saouana Salem Aouana
            • Votes:
              0 Vote for this issue
              1 Start watching this issue


              • Created: