problems with dspace-angular-beta3

[Bill Tantzen]

Sorry for cross posting, but autocomplete tricked me into posting this on dspace-devel...  Anyway

Out of the box, my angular client works fine against the test REST server.  However, when I run the client against my own REST server, every OPTIONS request generates a response code 403. (which usually results in the client hanging).

I think this is a problem with either my tomcat or my apache setup, but I have not been able to track down the cause.  (it's probably tomcat, because the response is initially returned there).  In terms of configuration, both are pretty vanilla.

One interesting side note: any identical request sent via Postman succeeds with response code 200!  A problem with headers perhaps?

I have apache version: Apache/2.4.6 (Red Hat Enterprise Linux),

tomcat version 9.0.34

openjdk 11.07

Example errors from the java console:

[Error] XMLHttpRequest cannot load

  https://XXXX.lib.umn.edu/server/api/statistics/viewevents due to access control checks.
[Log] Error:  – t (main.07d9b2d02aa94962fe83.js, line 1)
t
[Error] Object
[Error] Failed to load resource: Preflight response is not successful (viewevents, line 0)

And this is repeated for each and every OPTIONS request.

Any ideas?

Thanks,

Bill

--

Human wheels spin round and round
While the clock keeps the pace... -- John Mellencamp
________________________________________________________________
Bill Tantzen    University of Minnesota Libraries
612-626-9949 (U of M)    612-325-1777 (cell)

[Bill Tantzen]

Hi all!

A little followup information regarding my problems getting dspace-angular-beta03 up and running.  The client works if it is installed and running on my localhost:4000 against the test api at dspace7.4science.cloud.  Running the client on localhost on any other port, or against my own server results in the preflight/cors errors described below.  It all means that nobody but me can see the latest version (it seems that nobody wants to come to my house anymore...). Sorry this is long, so thanks in advance for reading through!!

Closer examination shows that the 403 Errors I am catching are preflight requests from the browser.  My attempts at a fix include setting the Access-Control-Allow-Origin="*" both in apache and in tomcat. Neither of which helped.  What is strange is that the preflight seems to be a result of a simple GET request, which I think should not trigger such a request, but I'm a little out of my depth with this.  Here is the complete request info (from Chrome in this case):

• General
• Request URL: https://udc-prd.lib.umn.edu/server/api/authn/status
• Request Method: OPTIONS
• Status Code: 403 403
• Remote Address: 128.101.65.121:443
• Referrer Policy: no-referrer-when-downgrade
• Response Headersview source
• Cache-Control: no-cache, no-store, max-age=0, must-revalidate
• Connection: Keep-Alive
• Date: Fri, 10 Jul 2020 13:39:00 GMT
• Expires: 0
• Keep-Alive: timeout=5, max=100
• Pragma: no-cache
• Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_jk/1.2.48
• Strict-Transport-Security: max-age=31536000 ; includeSubDomains
• Transfer-Encoding: chunked
• Vary: Origin,Access-Control-Request-Method,Access-Control-Request-Headers
• X-Content-Type-Options: nosniff
• X-Frame-Options: DENY
• X-XSS-Protection: 1; mode=block
• Request Headersview source
• Accept: */*
• Accept-Encoding: gzip, deflate, br
• Accept-Language: en-US,en;q=0.9
• Access-Control-Request-Headers: content-type
• Access-Control-Request-Method: GET
• Connection: keep-alive
• Host: udc-prd.lib.umn.edu
• Origin: https://udc-dev.lib.umn.edu:3000
• Referer: https://udc-dev.lib.umn.edu:3000/
• Sec-Fetch-Dest: empty
• Sec-Fetch-Mode: cors
• Sec-Fetch-Site: same-site
• 
  User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36

and a snippet from the javascript console for the same request:

Access to XMLHttpRequest at 'https://udc-prd.lib.umn.edu/server/api/authn/status' from origin 'https://udc-dev.lib.umn.edu:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

zone.js.pre-build-optimizer.js:3372 GET https://udc-prd.lib.umn.edu/server/api/authn/status net::ERR_FAILED

And this is the result in my apache logs:

10.21.37.74 - - [10/Jul/2020:08:39:00 -0500] "OPTIONS /server/api/authn/status HTTP/1.1" 403 20

With an identical log entry on the tomcat side:

10.21.37.74 - - [10/Jul/2020:08:39:00 -0500] "OPTIONS /server/api/authn/status HTTP/1.1" 403 20

[Tim Donohue]

Bill,

As of Beta3, the backend (REST API) has an "allow list" of frontend(s) that it responds to.  This setting corresponds to the value(s) of the "Access-Control-Allow-Origin" header which will be automatically set by the backend webapp...and setting "Access-Control-Allow-Origin" to an asterisk (wildcard) is _no longer supported_.  These settings are for security purposes.  

See this config in the rest.cfg: https://github.com/DSpace/DSpace/blob/master/dspace/config/modules/rest.cfg#L10  It existed prior to beta3, but was officially enabled as part of beta3 (it didn't work properly in beta2).

My suspicion is this is the issue you are hitting.  Chances are you need to change this setting's value (or the default value in dspace.ui.url) in your local.cfg.

Tim

---

From: 'Bill Tantzen' via DSpace Technical Support <dspac...@googlegroups.com>
Sent: Friday, July 10, 2020 2:58 PM
To: DSpace Technical Support <dspac...@googlegroups.com>
Subject: [dspace-tech] Re: problems with dspace-angular-beta3

 

--
All messages to this mailing list should adhere to the DuraSpace Code of Conduct: https://duraspace.org/about/policies/code-of-conduct/
---
You received this message because you are subscribed to the Google Groups "DSpace Technical Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/CADgrb7F3xcY1ggAx%3DHe_U--h1Mgbe%2BzV9Y94utkmmq7oujREhA%40mail.gmail.com.

[Paul Warner]

Hi Tim,

Doing this stopped the CORS errors, and allows me to log in via localhost:4000 on my local machine.  Thanks!  A big step forward.

However, I still have a problem when trying to add a collection.  Here is a screenshot of my attempt to add a new collection:

There is nothing new in the DSpace Angular log, and nothing new in the DSpace log or in the Tomcat log.  Clicking on the popup window does nothing.  Any thoughts?

Thanks,

Paul

To unsubscribe from this group and stop receiving emails from it, send an email to dspac...@googlegroups.com.

[paulw...@gmail.com]

Hi,

I am still stuck on this.  It is a 500 Server error, somehow with no peep in the logs.  Here is the output in the browser console:

Environment: Production app.component.ts:102:12

XHRGEThttp://localhost:8355/server/api/core/communities?endpointMap[HTTP/1.1 500 23ms]

Error:

{…}

​

error: Object { timestamp: "2020-08-28T12:32:52.339+0000", status: 500, error: "Internal Server Error", … }

​

headers: Object { normalizedNames: Map(0), lazyUpdate: null, lazyInit: lazyInit()

}

​

message: "Http failure response for http://localhost:8355/server/api/core/communities?endpointMap: 500 OK"

​

name: "HttpErrorResponse"

​

ok: false

​

status: 500

​

statusText: "OK"

​

url: "http://localhost:8355/server/api/core/communities?endpointMap"

​

<prototype>: {…}

​​

constructor: function t(t)​​

<prototype>: Object { … }

dspace-rest-v2.service.ts:115:16

{…}

​

message: "Http failure response for http://localhost:8355/server/api/core/communities?endpointMap: 500 OK"

​

statusCode: 500

​

statusText: "OK"

​

<prototype>: Object { … }

response.models.ts:142:12

    t response.models.ts:142

    execute request.effects.ts:48

    RxJS 87

    Angular 16

    RxJS 96

Thanks for any tips,

Paul

[Tim Donohue]

Hi Paul,

Any 500 error from the DSpace 7 REST API should result in a corresponding error message in the DSpace log files. If you are *not* seeing that message, please make sure that you are running the latest version of the REST API, as we changed this behavior as of late July.  Without the logs it will be nearly impossible to debug the cause of that 500 error.

I wish I could provide better advice here, but a 500 error always means there's something majorly wrong on the backend...either a Database level error (or bad data in the database), bad configurations, or something went wrong with the installation.

Tim

--

Tim Donohue

Technical Lead, DSpace

tim.d...@lyrasis.org

Lyrasis.org | DSpace.org

---

From: dspac...@googlegroups.com <dspac...@googlegroups.com> on behalf of paulw...@gmail.com <paulw...@gmail.com>
Sent: Friday, August 28, 2020 7:42 AM

To: DSpace Technical Support <dspac...@googlegroups.com>

Subject: Re: [dspace-tech] Re: problems with dspace-angular-beta3

 

To unsubscribe from this group and stop receiving emails from it, send an email to dspace-tech...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/0fe258f3-e132-48e5-bd9f-963f9868ed12n%40googlegroups.com.

[paulw...@gmail.com]

Dear Tim,

Sorry, this was my bad: I had failed to start solr.  So sorry to waste your time on this one.

It does bring something to mind, though.  My DSpace 7 instance is not allowing me to create a collection in the browser after logging in, because it does not find the two communities I have installed.  Am I missing something in my solr config, or is there a way to refresh the solr index to read the stuff in DSpace?  I have copied the files over and restarted solr, but that doesn't sound like a new index.  Maybe solr does not see these communities of mine, and that is the source of this problem.

Best regards,

Paul

[Tim Donohue]

Hi Paul,

You can refresh your entire Solr index at any time by running this from the commandline:

[dspace]/bin/dspace index-discovery -b

(In DSpace, the Discovery browse/search engine is backed by Solr, and that command runs a full reindex of all content.)

This command is also runnable from the DSpace 7 UI "Processes" admin page, assuming you are on the latest code.  It may take a few minutes (or many minutes) to complete, depending on the amount of content you have....and the results are logged to your dspace.log file.

See also the docs at https://wiki.lyrasis.org/display/DSDOC7x/Discovery#Discovery-DiscoverySolrIndexMaintenance

Tim

--

Tim Donohue

Technical Lead, DSpace

tim.d...@lyrasis.org

Lyrasis.org | DSpace.org

From: dspac...@googlegroups.com <dspac...@googlegroups.com> on behalf of paulw...@gmail.com <paulw...@gmail.com>

Sent: Monday, August 31, 2020 9:32 PM

To: DSpace Technical Support <dspac...@googlegroups.com>

To view this discussion on the web visit https://groups.google.com/d/msgid/dspace-tech/4393c3d8-28e4-49d6-8ad0-026e9fc32ff1n%40googlegroups.com.

[Michael Plate]

Hi Paul,

I was curious about DSpace 7 (and your problems) and installed the
latest 7.3ß, backend and frontend (same machine, as stated).

I had errors similar to those of you (500 Internal Server Error).

It came from Solr, latest version 8.
https://issues.apache.org/jira/browse/SOLR-14768

I switched back to the 7 series of Solr and the errors are gone.

But this sounds to easy…

Michael


Am 01.09.20 um 04:32 schrieb paulw...@gmail.com:

[paulw...@gmail.com]

Thanks, Michael and Tim!

I am using Solr 7.73.  I refreshed the Solr index, and now I can access the communites, and create collections on my laptop!  Yaay!

It is also good to know that these command line functions work in DSpace 7 as they do in DSpace 6.

Thanks again, Tim and Michael, for your help!!

Best regards,

Paul