Uploaded image for project: 'Nuxeo Web UI'
  1. Nuxeo Web UI
  2. WEBUI-152

Cors Error

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Minor
    • Resolution: Cannot Reproduce
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: UI

      Description

      Trying to align Aspera Addon on last 11.4.X (11.4.42), using WEB-UI nuxeo-web-ui-3.1.0-rc.9. We are facing a CORS issue locally.
      As reminder Asper addon will use Aspera Connect JS Client and will load the JS files from http://d3gcli72yxqn2z.cloudfront.net/connect_3_9_9_177872_ga/.
      But on Nuxeo 11.4.42 we got a Cors errors in the browser console:

      Access to fetch at 'http://d3gcli72yxqn2z.cloudfront.net/connect_3_9_9_177872_ga/v4/asperaweb-4.min.js?ts=1607337645230' from origin 'http://localhost:8080' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

      I tried to add the Nuxeo Cors configuration:

      <?xml version="1.0"?>
<component name="org.nuxeo.ecm.platform.ui.web.cors.dev.aspera">
  <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService" point="corsConfig">
    <corsConfig name="Aspera" allowOrigin="http://d3gcli72yxqn2z.cloudfront.net http://d3gcli72yxqn2z.cloudfront.net/connect_3_9_9_177872_ga http://d3gcli72yxqn2z.cloudfront.net/connect_3_9_9_177872_ga/v4" 
                  supportedHeaders="*" allowSubdomains="true" supportedMethods="GET,HEAD,OPTIONS,POST,PUT,DELETE" supportsCredentials="true">
        <pattern>/.*</pattern>
      </corsConfig>
  </extension>
</component>
      • And even with allowOrigin="* :
        <extension target="org.nuxeo.ecm.platform.web.common.requestcontroller.service.RequestControllerService" point="corsConfig">
      <corsConfig name="Aspera" allowOrigin="*" supportedMethods="GET,HEAD,OPTIONS,POST,PUT,DELETE" >
        <pattern>/.*</pattern>
      </corsConfig>
  </extension>

      But We got the same error. I tried to debug Platform side and I saw that we use com.thetransactioncompany.cors.CORSFilter and from what I saw we will be in the case CORSFilter. In this case the http response is not updated and I didn't see any Http response related to Cors: Access-Control-Allow-Origin, Access-Control-Allow-Methods doesn't exists in http header response.

       

      After a discussion with Nelson, he explained that the issue is related to the way that we handle the service worker On WEB UI.

      To fix the issue temporarly we can:

      • Clear sw explicitly in Application tab of the dev tool of the browser
      • Clear browser cache.

       

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              saouana Salem Aouana
              Participants:
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: