CORS problem adding a new item with DSpace 7.1.1


Juan Corrales Correyero

Jan 27, 2022, 8:07:31 AM
to DSpace Community

Hi all,

  We have a DSpace 7.1.1 test installation, but we are not able to create new items from the URL https://emimasdcl.consorciomadrono.es

  We can log in to the system and create communities and collections.

  Any idea of the reason for the failure?

  Here are some configuration and debug information:

  Apache client configuration:

       SSLEngine on
       ServerName emimasdcl.consorciomadrono.es
       ProxyPass / http://localhost:4000/
       ProxyPassReverse / http://localhost:4000/

Apache server:

        Header set Access-Control-Allow-Credentials true
        SSLEngine on
        ServerName emimasd.consorciomadrono.es
        ProxyPass /server ajp://localhost:8009/server
        ProxyPassReverse /server ajp://localhost:8009/server
 

dspace.cfg

dspace.server.url = https://emimasd.consorciomadrono.es/server
dspace.ui.url = https://emimasdcl.consorciomadrono.es

 

After some time, we have a timeout error in the Tomcat logs:

[Thu Jan 27 13:59:01.261278 2022] [proxy_ajp:error] [pid 901369] (70007)The timeout specified has expired: AH01030: ajp_ilink_receive() can't receive header
[Thu Jan 27 13:59:01.261472 2022] [proxy_ajp:error] [pid 901369] [client 10.205.0.165:60440] AH00992: ajp_read_header: ajp_ilink_receive failed, referer: https://emimasdcl.consorciomadrono.es/
[Thu Jan 27 13:59:01.261567 2022] [proxy_ajp:error] [pid 901369] (70007)The timeout specified has expired: [client 10.205.0.165:60440] AH00878: read response failed from 127.0.0.1:8009 (localhost), referer: https://emimasdcl.consorciomadrono.es/
10.205.0.165 - - [27/Jan/2022:13:54:01 +0100] "PATCH /server/api/submission/workspaceitems/93 HTTP/1.1" 500 849 "https://emimasdcl.consorciomadrono.es/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36"


Request headers:

PATCH /server/api/submission/workspaceitems/93 HTTP/1.1
Host: emimasd.consorciomadrono.es
Connection: keep-alive
Content-Length: 233
Pragma: no-cache
Cache-Control: no-cache
sec-ch-ua: " Not;A Brand";v="99", "Google Chrome";v="97", "Chromium";v="97"
X-CORRELATION-ID: b27d46cc-64e8-4221-92a8-612c34354097
X-XSRF-TOKEN: 2ba80da1-9f0b-4435-832d-96fff9dd4109
X-REFERRER: /workspaceitems/93/edit
Accept-Language: es;q=1,en-GB;q=0.1,es-ES;q=0.09,es;q=0.08,fr-FR;q=0.06999999999999999,en-US;q=0.06,en;q=0.05,fr;q=0.04
sec-ch-ua-mobile: ?0
authorization: Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJjNjlhMGRjNC1kZmFkLTRhMzUtOTc0NC1iNzJlMDI5NTkxOGMiLCJzZyI6W10sImV4cCI6MTY0MzI4OTU4OX0.XQm8WLHra0aFzjs96GBsGr9INV_S7Mz4rDG6-F11vFM
Content-Type: application/json; charset=UTF-8
Accept: application/json, text/plain, */*
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.71 Safari/537.36
sec-ch-ua-platform: "Linux"
Origin: https://emimasdcl.consorciomadrono.es
Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty
Referer: https://emimasdcl.consorciomadrono.es/
Accept-Encoding: gzip, deflate, br
Cookie: MyHalBrowserToken=eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJjNjlhMGRjNC1kZmFkLTRhMzUtOTc0NC1iNzJlMDI5NTkxOGMiLCJzZyI6W10sImV4cCI6MTY0MzI4ODQ5OH0.ifQkLGM7dwXJqDl8QdZV6CsV08mGe6oM8eXFYyakD0U; MyHalBrowserCsrfToken=45965169-f7a3-4c3a-a760-ee794c0615dd; DSPACE-XSRF-COOKIE=2ba80da1-9f0b-4435-832d-96fff9dd4109

The response headers:

HTTP/1.1 500 Internal Server Error
Date: Thu, 27 Jan 2022 12:54:01 GMT
Server: Apache/2.4.48 (Ubuntu)
Content-Length: 635
Connection: close
Content-Type: text/html; charset=iso-8859-1

More network connection information:

fetch("https://emimasd.consorciomadrono.es/server/api/submission/workspaceitems/93", {
  "headers": {
    "accept": "application/json, text/plain, */*",
    "accept-language": "es;q=1,en-GB;q=0.1,es-ES;q=0.09,es;q=0.08,fr-FR;q=0.06999999999999999,en-US;q=0.06,en;q=0.05,fr;q=0.04",
    "authorization": "Bearer eyJhbGciOiJIUzI1NiJ9.eyJlaWQiOiJjNjlhMGRjNC1kZmFkLTRhMzUtOTc0NC1iNzJlMDI5NTkxOGMiLCJzZyI6W10sImV4cCI6MTY0MzI4OTU4OX0.XQm8WLHra0aFzjs96GBsGr9INV_S7Mz4rDG6-F11vFM",
    "cache-control": "no-cache",
    "content-type": "application/json; charset=UTF-8",
    "pragma": "no-cache",
    "sec-ch-ua": "\" Not;A Brand\";v=\"99\", \"Google Chrome\";v=\"97\", \"Chromium\";v=\"97\"",
    "sec-ch-ua-mobile": "?0",
    "sec-ch-ua-platform": "\"Linux\"",
    "sec-fetch-dest": "empty",
    "sec-fetch-mode": "cors",
    "sec-fetch-site": "same-site",
    "x-correlation-id": "b27d46cc-64e8-4221-92a8-612c34354097",
    "x-referrer": "/workspaceitems/93/edit",
    "x-xsrf-token": "2ba80da1-9f0b-4435-832d-96fff9dd4109"
  },
  "referrer": "https://emimasdcl.consorciomadrono.es/",
  "referrerPolicy": "strict-origin-when-cross-origin",
  "body": "[{\"op\":\"add\",\"path\":\"/sections/traditionalpagetwo/dc.description.abstract\",\"value\":[{\"value\":\"Esto es un abstract\",\"language\":null,\"authority\":null,\"display\":\"Esto es un abstract\",\"confidence\":-1,\"place\":0,\"otherInformation\":null}]}]",
  "method": "PATCH",
  "mode": "cors",
  "credentials": "include"
});

Best!

Juan

-- 
Juan Corrales Correyero
Ingeniero de Software del Consorcio Madroño
Tel.: 913986162
UNED-Edificio Biblioteca 
Pº Senda del Rey, 5 (acceso fachada trasera)
28040 Madrid
España

Juan Corrales Correyero

Jan 27, 2022, 10:56:39 AM
to dspace-c...@googlegroups.com

Hi,

  Sorry, I had forgotten the CORS error message and the workflowitems header:

Access to XMLHttpRequest at 'https://emimasd.consorciomadrono.es/server/api/workflow/workflowitems?projection=full' from origin 'https://emimasdcl.consorciomadrono.es' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

And the file header is

<!DOCTYPE html><html lang="en"><head>
  <meta charset="UTF-8">
  <base href="/">
  <title>DSpace Angular :: Edit Submission</title>
  <meta name="viewport" content="width=device-width,minimum-scale=1">
  <link rel="icon" type="image/x-icon" href="assets/images/favicon.ico">
  <link rel="stylesheet" href="styles.0324863878df4752a58c.css"><style ng-transition="dspace-angular"></style>
<link rel="stylesheet" type="text/css" class="theme-css" href="/emimasd-theme.css"><style ng-transition="dspace-angular">[__STYLE DIRECTIVES__]</style></head>

  Best!


Tim Donohue

Jan 27, 2022, 11:07:59 AM
to Juan Corrales Correyero, dspace-c...@googlegroups.com
Hi Juan,

In our Installation Documentation, we have a section on "Common Installation Issues", and CORS errors are one of those. Please take a look at the suggestions provided there and see if they help solve your issue:
https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-%22XMLHttpRequest..hasbeenblockedbyCORSpolicy%22or%22CORSerror%22or%22InvalidCORSrequest%22

Let us know on this list if you have further questions.

Tim


Juan Corrales Correyero

Jan 27, 2022, 12:00:28 PM
to dspace-c...@googlegroups.com

Thanks Tim,


  I think that we have implemented these suggestions. I have now added the "X-Forwarded-Proto: https" directive to the Apache client and server site configurations, without success.


  The request headers contain:

Sec-Fetch-Site: same-site
Sec-Fetch-Mode: cors
Sec-Fetch-Dest: empty

  and the https://emimasd.consorciomadrono.es/server/api/workflow/workflowitems?projection=full file does not have the 'Access-Control-Allow-Origin' in its header.

I don't know if this is correct.

 


Tim Donohue

Jan 27, 2022, 3:14:43 PM
to DSpace Community
Hi Juan,

It looks like many of the most important response headers are missing.  The REST API should send back a response like this:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: [url-of-UI-or-client]
Access-Control-Expose-Headers: Authorization, expires, Location, Content-Disposition, WWW-Authenticate, Set-Cookie, X-Requested-With, DSPACE-XSRF-TOKEN

However, as detailed in https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-%22XMLHttpRequest..hasbeenblockedbyCORSpolicy%22or%22CORSerror%22or%22InvalidCORSrequest%22 the REST API will ONLY TRUST clients which are listed in the "rest.cors.allowed-origins" configuration on the backend.  By default this configuration only includes the "dspace.ui.url" setting on the backend. So, if either of those configurations is incorrect in your local.cfg, then the REST API will not trust the client/UI and will refuse to send back any "Access-Control-*" headers.  When the required "Access-Control-*" headers are missing, this results in a CORS error.

So, either your local.cfg is incorrect, or something is blocking those headers from being returned from the REST API.  As suggested in that guide, you should also look for errors in Tomcat logs, as those can sometimes result in headers being blocked, resulting in a CORS error.

If you want to see what a functioning UI & API looks like, you can look at our demo site at https://demo7.dspace.org/ and use your Browser's DevTools to see the requests/responses sent to the demo site backend at https://api7.dspace.org/server/.  

Tim
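
An added example, not part of the thread and not DSpace code: a small Node.js check that compares a REST API response against the "Access-Control-*" headers listed in the reply above, run against the 500 response posted earlier in the thread and a constructed healthy response. The function name `checkCors`, the two-header subset in `EXPECTED_EXPOSED`, and the sample objects are assumptions made for illustration.

```javascript
// Two of the headers from the Access-Control-Expose-Headers list quoted in the
// reply above, chosen for illustration (assumption, not a DSpace requirement list).
const EXPECTED_EXPOSED = ["Authorization", "DSPACE-XSRF-TOKEN"];

// Hypothetical helper: returns a list of findings for one response.
function checkCors(uiOrigin, status, headers) {
  // Header names are case-insensitive, so normalise before lookup.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  const findings = [];
  const allowOrigin = h["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    findings.push("missing Access-Control-Allow-Origin");
  } else if (allowOrigin === "*") {
    // Browsers reject a wildcard when the request uses credentials: "include".
    findings.push("Access-Control-Allow-Origin is '*' but the request is credentialed");
  } else if (allowOrigin !== uiOrigin) {
    findings.push(`Access-Control-Allow-Origin is ${allowOrigin}, expected ${uiOrigin}`);
  }

  if (h["access-control-allow-credentials"] !== "true") {
    findings.push("Access-Control-Allow-Credentials is not 'true'");
  }

  const exposed = (h["access-control-expose-headers"] || "")
    .split(",").map((s) => s.trim().toLowerCase()).filter(Boolean);
  for (const name of EXPECTED_EXPOSED) {
    if (!exposed.includes(name.toLowerCase())) findings.push(`${name} not exposed`);
  }

  // An error response without any CORS headers is reported by the browser as a
  // CORS failure, so the server-side logs need checking before the CORS settings.
  if (status >= 500 && allowOrigin === undefined) {
    findings.push("5xx without CORS headers: check proxy and Tomcat logs first");
  }
  return findings;
}

const UI = "https://emimasdcl.consorciomadrono.es"; // dspace.ui.url from the thread
// Response headers as posted in the thread for the failing PATCH request.
const failing = { Server: "Apache/2.4.48 (Ubuntu)", "Content-Type": "text/html; charset=iso-8859-1" };
// Constructed sample carrying the headers listed in the reply above.
const healthy = {
  "Access-Control-Allow-Credentials": "true",
  "Access-Control-Allow-Origin": UI,
  "Access-Control-Expose-Headers": "Authorization, expires, Location, Content-Disposition, WWW-Authenticate, Set-Cookie, X-Requested-With, DSPACE-XSRF-TOKEN",
};
console.log(checkCors(UI, 500, failing));
console.log(checkCors(UI, 200, healthy));
```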