DSpace 7 CORS Error


Sean Carte

Aug 25, 2021, 10:26:03 AM
to DSpace Technical Support
I am able to log into the backend at:


But using the Angular UI and


results in a 403 with XHR errors.

environment.prod.ts:
export const environment = {
  ui: {
      ssl: false,
      host: 'localhost',
      port: 4000,
      nameSpace: '/'
  },
  rest: {
      ssl: true,
      host: 'dev-ir.dut.ac.za',
      port: 443,
      nameSpace: '/server'
  }
};

apache default-le-ssl.conf:
        ProxyPass /server http://localhost:8080/server
        ProxyPassReverse /server http://localhost:8080/server
        ProxyPass / http://localhost:4000/
        ProxyPassReverse / http://localhost:4000/

local.cfg:
dspace.ui.url = http://localhost:4000
rest.cors.allow-origins = ${dspace.ui.url}
rest.cors.allow-origins = http://dev-ir.dut.ac.za
rest.cors.allow-origins = http://dev-ir.dut.ac.za:4000
rest.cors.allow-origins = https://dev-ir.dut.ac.za
rest.cors.allow-origins = http://10.4.36.12
rest.cors.allow-origins = http://10.4.36.12:4000
rest.cors.allow-origins = https://10.4.36.12

I'm not sure what's relevant from the browser's inspector window, but this is what I have after trying to log in with the Angular UI:

POST
Scheme: https
Host: dev-ir.dut.ac.za
Filename: /server/api/authn/login

Address: 10.4.36.12:443
Status: 403
Version: HTTP/1.1
Transferred: 447 B (20 B size)
Referrer Policy: strict-origin-when-cross-origin

Response Headers:
HTTP/1.1 403
Date: Wed, 25 Aug 2021 14:11:39 GMT
Server: Apache/2.4.41 (Ubuntu)
Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: 0
X-Frame-Options: DENY
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked

Request Headers:
POST /server/api/authn/login HTTP/1.1
Host: dev-ir.dut.ac.za
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:91.0) Gecko/20100101 Firefox/91.0
Accept: application/json, text/plain, */*
Accept-Language: en;q=1,en-US;q=0.1,en;q=0.09
Accept-Encoding: gzip, deflate, br
Content-Type: application/x-www-form-urlencoded
X-XSRF-TOKEN: 56f4015c-5256-4512-8861-12dacda7aae3
X-CORRELATION-ID: 352472e7-b842-4987-b223-961900a64746
X-REFERRER: /home
Content-Length: 43
Origin: https://dev-ir.dut.ac.za
Connection: keep-alive
Referer: https://dev-ir.dut.ac.za/home
Cookie: DSPACE-XSRF-COOKIE=56f4015c-5256-4512-8861-12dacda7aae3; _fbp=fb.2.1611567268808.3166000; __tawkuuid=e::dut.ac.za::X4iey+2XGFdXPDH6lKG4Ikr4yo9SdzTjom+Nd+69vueiUCsm4iQyTzbzsr6pAIEN::2; _ga=GA1.3.923244129.1612793087; __utma=97131402.923244129.1612793087.1624370603.1624440611.58; __utmz=97131402.1620118111.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); cookieconsent_status=dismiss; klaro-anonymous=%7B%22authentication%22%3Atrue%2C%22preferences%22%3Atrue%2C%22acknowledgement%22%3Atrue%2C%22google-analytics%22%3Atrue%7D; _gid=GA1.3.1575206032.1629785492; CORRELATION-ID=352472e7-b842-4987-b223-961900a64746; dsLanguage=en; XSRF-TOKEN=56f4015c-5256-4512-8861-12dacda7aae3; dsRedirectUrl=/home
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: same-origin
Pragma: no-cache
Cache-Control: no-cache

Please tell me where I've gone wrong.

Sean

Tim Donohue

Aug 25, 2021, 11:00:46 AM
to Sean Carte, DSpace Technical Support
Hi Sean,

Your "dspace.ui.url" setting on the backend is incorrect.  This MUST be the public URL of the UI...and it appears you are publicly accessing the UI using a different URL in your browser.

When you do this, the backend will throw a CORS error because it ONLY trusts clients listed in either "dspace.ui.url" or "rest.cors.allowed-origins" configurations.  

Currently, because you've set "dspace.ui.url = http://localhost:4000", your backend will only trust requests that come directly from http://localhost:4000/ (meaning this must be the exact URL you type into your browser)

More info on this behavior can also be found in the "Common Installation Issues" section of our install guide at: https://wiki.lyrasis.org/display/DSDOC7x/Installing+DSpace#InstallingDSpace-%22CORSerror%22or%22InvalidCORSrequest%22

Tim


From: dspac...@googlegroups.com <dspac...@googlegroups.com> on behalf of Sean Carte <sean....@gmail.com>
Sent: Wednesday, August 25, 2021 9:25 AM
To: DSpace Technical Support <dspac...@googlegroups.com>
Subject: [dspace-tech] DSpace 7 CORS Error
 

Sean Carte

Aug 26, 2021, 3:33:11 AM
to Tim Donohue, DSpace Technical Support
Thanks, Tim. I did try using the public URL in local.cfg, but then reverted to using localhost:4000 as I thought the proxy would expect to find dspace on localhost:4000. Also, I thought the rest.cors.allow-origins would let me use other origins (https://wiki.lyrasis.org/display/DSDOC7x/REST+API -- linked to from the CORS error part of the documentation).

As you suggest, I've changed dspace.ui.url to:

dspace.ui.url = https://dev-ir.dut.ac.za

restarted tomcat, but I still have the same behaviour. I can log in directly to the backend on port 8080, but using the Angular UI or the /server endpoint results in CORS errors.

I also tried changing environment.prod.ts as follows:

  ui: {
      ssl: false,
      //host: 'localhost',
      host: 'dev-ir.dut.ac.za',

      port: 4000,
      nameSpace: '/'
  },

That allows me to log in at


However, I get a 503 at


I think that makes sense because the proxy is redirecting / to localhost:4000, so ui should be host: 'localhost'. But now I'm stuck.

These are the lines for the proxy:

        ProxyPass /server http://localhost:8080/server
        ProxyPassReverse /server http://localhost:8080/server
        ProxyPass / http://localhost:4000/
        ProxyPassReverse / http://localhost:4000/

Sean

Tim Donohue

Aug 26, 2021, 12:34:46 PM
to Sean Carte, DSpace Technical Support
Hi Sean,

The problem is not obvious to me based on the information you've provided to us.  Just to verify...
  • In your frontend configs (environment.*.ts)
    • UI section should likely say localhost, as this is where your Node/Angular app is running locally. This is the only setting of these that usually is a localhost (non-public) URL, as this setting is used to tell Node where to start/run your app.
    • REST section should be the public URL of REST, as this is the URL that the Angular app will use to communicate with backend.
  • In your backend configs (local.cfg)
    • dspace.ui.url should be the public URL of Angular UI, as that way the REST API can validate responses properly coming from any user who accesses your UI.
    • dspace.server.url should be the public URL of REST (same as REST section on backend)
Your proxy settings look reasonable as well.

I'd recommend looking for anything odd in logs of Apache or Tomcat or DSpace.  Maybe there's something else going on that you haven't discovered yet?  Something is definitely off here, and it's not obvious to me what it may be...that makes me suspect there may be an error somewhere that you haven't found.

More tips can be found at
Tim


From: Sean Carte <sean....@gmail.com>
Sent: Thursday, August 26, 2021 2:32 AM
To: Tim Donohue <tim.d...@lyrasis.org>
Cc: DSpace Technical Support <dspac...@googlegroups.com>
Subject: Re: [dspace-tech] DSpace 7 CORS Error
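
Added example (not part of the thread and not DSpace code): an offline check of the trust rule from Tim's first reply and the dspace.ui.url item of the checklist above, run against a constructed subset of the posted local.cfg. It assumes only the two keys named in that reply act as trust sources and compares origins as (scheme, host, port); `POSTED_CFG`, `audit` and the other helper names are hypothetical.

```python
import difflib
from urllib.parse import urlsplit

# Assumption: the two keys named in the reply are the only trust sources.
TRUST_KEYS = ("dspace.ui.url", "rest.cors.allowed-origins")

# Constructed sample: a subset of the local.cfg posted in this thread.
POSTED_CFG = """\
dspace.ui.url = http://localhost:4000
rest.cors.allow-origins = ${dspace.ui.url}
rest.cors.allow-origins = https://dev-ir.dut.ac.za
"""

def parse_cfg(text):
    """Return {key: [values]}; a repeated key accumulates its values."""
    cfg = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            cfg.setdefault(key, []).append(value)
    return cfg

def origin_of(url):
    """Reduce a URL to the (scheme, host, port) triple that defines an origin."""
    parts = urlsplit(url)
    port = parts.port or {"http": 80, "https": 443}.get(parts.scheme)
    return (parts.scheme, (parts.hostname or "").lower(), port)

def audit(cfg_text, browser_origin):
    """Return findings that explain why browser_origin would not be trusted."""
    cfg = parse_cfg(cfg_text)
    ui_url = (cfg.get("dspace.ui.url") or [""])[-1]
    # Expand the ${dspace.ui.url} reference before comparing origins.
    trusted = {origin_of(value.replace("${dspace.ui.url}", ui_url))
               for key in TRUST_KEYS for value in cfg.get(key, [])}
    findings = []
    if origin_of(browser_origin) not in trusted:
        findings.append(f"untrusted origin: {browser_origin}")
    for key in cfg:
        # Flag keys that nearly, but not exactly, match a trust key.
        near = difflib.get_close_matches(key, TRUST_KEYS, n=1, cutoff=0.9)
        if near and key not in TRUST_KEYS:
            findings.append(f"key '{key}' is not a trust key; closest is '{near[0]}'")
    return findings

if __name__ == "__main__":
    # Origin taken from the request headers posted in the first message.
    for finding in audit(POSTED_CFG, "https://dev-ir.dut.ac.za"):
        print(finding)
```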
 

Sean Carte

Aug 26, 2021, 2:49:44 PM
to Tim Donohue, DSpace Technical Support
Thanks, Tim.

Sean