EspV2 Google endpoint ||App engine || CORS issue

[Ankit Dwivedi]

Hi,

I am facing CORS issue and after a lot of try not able to understand how to resolve it.

we have tried multiple options but failed every time, please help on this.

Tried option-1 : - 

Deployed espV2 container with CORS - 

gcloud run deploy CLOUD_RUN_SERVICE_NAME \ --image="gcr.io/ESP_PROJECT_ID/endpoints-runtime-serverless:ESP_VERSION-CLOUD_RUN_HOSTNAME-CONFIG_ID" \ --set-env-vars=ESPv2_ARGS=--cors_preset=basic \ --allow-unauthenticated \ --platform managed \ --project ESP_PROJECT_ID

but getting issue - Access to XMLHttpRequest at 'https://deyes-dq5rvo4msq-el.a.run.app/generateOtp' from origin 'http://localhost:8100' has been blocked by CORS policy: Request header field access-control-allow-methods is not allowed by Access-Control-Allow-Headers in preflight response.

Tried option-2 :- 

Edit the gcloud_build_image  like below-

ENV ESPv2_ARGS ^++^--cors_preset=basic++--cors_allow_method="GET,PUT,POST"++--cors_allow_credentials

and deployed container with below - 

  gcloud run deploy CLOUD_RUN_SERVICE_NAME \ --image="gcr.io/ESP_PROJECT_ID/endpoints-runtime-serverless:ESP_VERSION-CLOUD_RUN_HOSTNAME-CONFIG_ID" \ --set-env-vars=ESPv2_ARGS=^++^--cors_preset=basic++--cors_allow_methods=GET, POST, PUT, PATCH, DELETE, OPTIONS \ --allow-unauthenticated \ --platform managed \ --project ESP_PROJECT_ID  

  but getting issue - Access to XMLHttpRequest at 'https://deyes-dq5rvo4msq-el.a.run.app/generateOtp' from origin 'http://localhost:8100' has been blocked by CORS policy: Request header field access-control-allow-methods is not allowed by Access-Control-Allow-Headers in preflight response.  

can someone please help into this, how to resolve.

Regards,

[Wayne Zhang]

ESPV2_ARGS in gcloud_build_image will override the one set by --set-env-vars.  So you don't need to use --set-env-vars flag

please add OPTIONS to the --cors_allow_method flag

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/df0563c0-47ff-4ca5-87e0-fbcd281f637fn%40googlegroups.com.

[Ankit Dwivedi]

can you please help, how to "  add OPTIONS to the --cors_allow_method flag  ".

[Ankit Dwivedi]

I am trying to give like below..

gcloud run deploy deyes \
  --image="gcr.io/deyes-295406/endpoints-runtime-serverless:2.23.0-deyes-dq5rvo4msq-el.a.run.app-2021-01-27r0" \
  --cors_preset=basic \
  --cors_allow_methods=GET,POST,PUT,OPTIONS \
  --allow-unauthenticated \
  --platform managed \
  --project deyes-295406

but getting error "unrecognized arguments: --cors_allow_methods=GET,POST,PUT,OPTIONS"

please suggest.

[Ankit Dwivedi]

addon on the above query, we are trying to call the api from a mobile application.

[Teju Nareddy]

Please take a look at the guide on setting flags for Cloud Run. Since you want to set args values that have commas ("GET,POST,PUT"), you need to set them in the gcloud_build_image_script only.

Edit the script as you mentioned in your first email:

  ENV ESPv2_ARGS ^++^--cors_preset=basic++--cors_allow_method="GET,PUT,POST"++--cors_allow_credentials

Then build the image with the modified script and deploy as follows. No need to duplicate the args in the deploy command. They are baked into the image you build with the modified script.

  gcloud run deploy CLOUD_RUN_SERVICE_NAME \ 

    --image="gcr.io/ESP_PROJECT_ID/endpoints-runtime-serverless:ESP_VERSION-CLOUD_RUN_HOSTNAME-CONFIG_ID" \ 

    --allow-unauthenticated \ 

    --platform managed \ 

    --project ESP_PROJECT_ID  

Regarding your original question:

  Access to XMLHttpRequest at 'https://deyes-dq5rvo4msq-el.a.run.app/generateOtp' from origin 'http://localhost:8100' has been blocked by

  CORS policy: Request header field access-control-allow-methods is not allowed by Access-Control-Allow-Headers in preflight response.

This error indicates your client is sending the Access-Control-Allow-Methods header in the CORS preflight request. This doesn't sound right, the Mozilla documentation says this is a response header. The client should not send it in the request, ESPv2 will respond back with it. Please remove this header from the client request and try again. Perhaps you meant to send Access-Control-Request-Method instead?

CORS is quite tricky to understand. I recommend looking at the example documented here, it shows all the request and response headers: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#preflighted_requests

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/CAP4yHtYKLzRtHUkCAp4BeVWXFPG%2BMpaf0_D7F7VFvBT6Mf4UmA%40mail.gmail.com.

--

Teju Nareddy nare...@google.com Software Engineer

[Ankit Dwivedi]

Thanks but we are not sending any header in our request.

The situation is, we are creating an ionic application and when running ionic application on browser it working fine and we are successful able to call our google endpoint api but with the same code and api calling when we are creating android build and running apk on a mobile device, we are not able to call our endpoint api.

[Øyvind Matheson Wergeland]

Since this works from the browser, and the logs indicate that the client sends a header it should not send, this sounds like a problem with the Ionic Android framework, and not ESP. I suggest you debug the network messages the Android app sends. I have never used Ionic, so I don

Øyvind Matheson Wergeland

Director of Software Engineering | Exabel AS

werg...@exabel.com | +47 95 16 16 88

To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/CAP4yHtYzH_pD-rby76OYxHQcYDiE0-WdteUn-Y_W6iO5MYq2-w%40mail.gmail.com.