What's the correct settings to upload files to Amazon S3 Bucket?
415 views
Skip to first unread message
Soy yo
May 4, 2021, 6:38:35 AM5/4/21
to Tinode General
Never have been used Amazon's S3 but decided to use this service to store Tinode's files.
Unfortunately, can't get it working and don't know if there is something wrong in Tinode's settings or on Amazon.
I am uploading files from Webapp.
tinode.conf:
"use_handler": "s3",
.....
"access_key_id": "***",
"secret_access_key": "***",
"region": "eu-west-3",
"bucket": "tinode",
"cors_origins": ["https://www.domain1.com,https://www.domain2.com"]
Is "cors_origins" correct? I tried also to put each domain it double quotes:
but it doesn't help
Server log:
I2021/05/04 11:02:51 Upload request /v0/file/u/
I2021/05/04 11:02:51 media upload: 403 valid API key required / <nil>
I2021/05/04 11:02:51 in: '{"pub":{"id":"127650","topic":"usrpDPgde-kKYI","noecho":true,"head":{"mime":"text/x-drafty","attachments":[null]},"content":{"ent":[{"tp":"EX","data":{"mime":"text/javascript","name":"test.js","size":651859}}],"fmt":[{"at":-1}]}}}' sid='-bogJmAhcFs' uid='HGshCFWe5aI'
I have generated an API key and it's present in config.js file.
However, console log reports that I have problem with CORS.
Console log looks like this:
Access to fetch at 'https://www.tinode-server.com:6060/v0/file/u/' from origin 'https://www.domain1.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
So, I don't understand where is the problem - in Tinode's settings or API key or in Amazon's settings.
Amazon S3
Should the bucket be private or public?
First I had it private, then changed to public. It doesn't help either.
In bucket's Permissions I have Cross-origin resource sharing (CORS) configuration like this:
[
{
"AllowedHeaders": [
"*"
],
"AllowedMethods": [
"PUT",
"POST",
"DELETE"
],
"AllowedOrigins": [
],
"ExposeHeaders": []
},
...
Gene
May 4, 2021, 12:58:30 PM5/4/21
to Tinode General
On Tuesday, May 4, 2021 at 3:38:35 AM UTC-7 Soy yo wrote:
Never have been used Amazon's S3 but decided to use this service to store Tinode's files.Unfortunately, can't get it working and don't know if there is something wrong in Tinode's settings or on Amazon.I am uploading files from Webapp.tinode.conf:"use_handler": "s3",....."access_key_id": "***","secret_access_key": "***","region": "eu-west-3","bucket": "tinode","cors_origins": ["https://www.domain1.com,https://www.domain2.com"]Is "cors_origins" correct? I tried also to put each domain it double quotes:
This is correct.
Soy yo
May 18, 2021, 7:51:25 AM5/18/21
to Tinode General
Stll can not upload files not to filesystem nor to S3.
I already generated an API key a long time ago. When I try to upload files to Amazon, I get this error:
I2021/05/04 11:02:51 Upload request /v0/file/u/
I2021/05/04 11:02:51 media upload: 403 valid API key required / <nil>
When I try to upload files to filesystem, I get anothet error:
Access to fetch at 'https://www.***net:6060/v0/file/u/' from origin 'https://www.***.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
I guess this problem already has been fixed some time ago but it still exists.
Today I decided to generate a new API key:
./keygen
API key v1 seq1 [ordinary]: AQAAAAABAABvV8sRjJZQSkU4R15h3XNg
Used HMAC salt: 4Og7p0lYX2Etwcs0wpLr8oVWt7744zExVOhbRCnysVg=
Pasted API key into /src/config.js file. Pasted Salt into tinode.conf file. restarted Tinode.
It does not work either.
I2021/05/18 11:42:43 Using config from '/home/www/tinode/tinode.conf'
I2021/05/18 11:42:43 stats: variables exposed at '/debug/vars'
I2021/05/18 11:42:43 Cluster: running as a standalone server.
I2021/05/18 11:42:43 DB adapter mysql
I2021/05/18 11:42:43 Restricted tags: ['tel' 'basic' 'email']
I2021/05/18 11:42:43 plugins: no active plugins found
I2021/05/18 11:42:43 gRPC/1.28.0 secure server is registered at [***.net:6061]
I2021/05/18 11:42:43 Serving static content from '/home/www/tinode/static' at '/'
I2021/05/18 11:42:43 API served from root URL path '/'
I2021/05/18 11:42:43 Large media handling enabled s3
I2021/05/18 11:42:43 Listening for client HTTPS connections on [***.net:6060]
W2021/05/18 11:42:43 invalid apikey signature
E2021/05/18 11:42:43 ws: Missing, invalid or expired API key
W2021/05/18 11:43:02 invalid apikey signature
E2021/05/18 11:43:02 ws: Missing, invalid or expired API key
W2021/05/18 11:43:05 invalid apikey signature
E2021/05/18 11:43:05 ws: Missing, invalid or expired API key
W2021/05/18 11:43:07 invalid apikey signature
E2021/05/18 11:43:07 ws: Missing, invalid or expired API key
Changed back to the old API key and salt. Error ws: Missing, invalid or expired API key disappeared but when Uploading files to S3 I still get error media upload: 403 valid API key required / <nil>
I can not understand anything. The new APi key is not valid at all, the old API key only is not valid to upload files, when uploading files to the filesystem, there is no cors header...
Any help would be appreciated.
Gene
May 18, 2021, 1:00:03 PM5/18/21
to Tinode General
On Tuesday, May 18, 2021 at 4:51:25 AM UTC-7 Soy yo wrote:
Stll can not upload files not to filesystem nor to S3.I already generated an API key a long time ago. When I try to upload files to Amazon, I get this error:I2021/05/04 11:02:51 Upload request /v0/file/u/I2021/05/04 11:02:51 media upload: 403 valid API key required / <nil>
My guess is that you are using modified clients.
When I try to upload files to filesystem, I get anothet error:Access to fetch at 'https://www.***net:6060/v0/file/u/' from origin 'https://www.***.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.I guess this problem already has been fixed some time ago but it still exists.Today I decided to generate a new API key:./keygenAPI key v1 seq1 [ordinary]: AQAAAAABAABvV8sRjJZQSkU4R15h3XNgUsed HMAC salt: 4Og7p0lYX2Etwcs0wpLr8oVWt7744zExVOhbRCnysVg=
This key is valid for this salt.
Pasted API key into /src/config.js file. Pasted Salt into tinode.conf file. restarted Tinode.It does not work either.
I don't see anything being obviously wrong but something somewhere is misconfigured.
I2021/05/18 11:42:43 Using config from '/home/www/tinode/tinode.conf'I2021/05/18 11:42:43 stats: variables exposed at '/debug/vars'I2021/05/18 11:42:43 Cluster: running as a standalone server.I2021/05/18 11:42:43 DB adapter mysqlI2021/05/18 11:42:43 Restricted tags: ['tel' 'basic' 'email']I2021/05/18 11:42:43 plugins: no active plugins foundI2021/05/18 11:42:43 gRPC/1.28.0 secure server is registered at [***.net:6061]I2021/05/18 11:42:43 Serving static content from '/home/www/tinode/static' at '/'I2021/05/18 11:42:43 API served from root URL path '/'I2021/05/18 11:42:43 Large media handling enabled s3I2021/05/18 11:42:43 Listening for client HTTPS connections on [***.net:6060]W2021/05/18 11:42:43 invalid apikey signatureE2021/05/18 11:42:43 ws: Missing, invalid or expired API keyW2021/05/18 11:43:02 invalid apikey signatureE2021/05/18 11:43:02 ws: Missing, invalid or expired API keyW2021/05/18 11:43:05 invalid apikey signatureE2021/05/18 11:43:05 ws: Missing, invalid or expired API keyW2021/05/18 11:43:07 invalid apikey signatureE2021/05/18 11:43:07 ws: Missing, invalid or expired API keyChanged back to the old API key and salt. Error ws: Missing, invalid or expired API key disappeared but when Uploading files to S3 I still get error media upload: 403 valid API key required / <nil>I can not understand anything. The new APi key is not valid at all, the old API key only is not valid to upload files, when uploading files to the filesystem, there is no cors header...Any help would be appreciated.
We do offer help specifically for cases like this:
Soy yo
May 19, 2021, 10:22:48 AM5/19/21
to Tinode General
Yes, I saw the help section on your website but if I can not upload files to S3 I guess, noone can do it because I don't have a custom server setup or something.
I know that Tinode have expenses and wonder why you don't offer a possibility to donate. I would donate and I am sure that other people too. 1500 USD is too much and I even don't know if it could solve something because I can not allow to access the server where Tinode is installed. An, if there is some issue, I preffer to know how to resolve it instead of asking someone to do it for me.
I don't earn so much to be able to pay 1500 USD to resolve some small issue. Tinode should offer a possibility to donate instead of forcing to pay 1500 per year.
Soy yo
May 21, 2021, 8:45:50 AM5/21/21
to Tinode General
If somedy have had this problem and resolved it, please let mw know how the solution.
Update.
In both cases - uploading files to the filesystem or to S3, browser console shows the same error:
Access to fetch at 'https://www.tinode-server.com:6060/v0/file/u/' from origin 'https://www.domain1.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Webapp is located not on the same server where Tinode is running and actually I don't know if Tinode does not allow upload files from a different server or I have another problem.
tinode.conf file contains "cors_origins" for both fs and s3.
The issue has been reported already here and the answer was that cors is not supported for fs. I have the lastest version of Tinode but the fix does not work. Not only for fs, but for s3 either.
Gene
May 21, 2021, 1:03:49 PM5/21/21
to Tinode General
On Friday, May 21, 2021 at 5:45:50 AM UTC-7 Soy yo wrote:
If somedy have had this problem and resolved it, please let mw know how the solution.Update.In both cases - uploading files to the filesystem or to S3, browser console shows the same error:Access to fetch at 'https://www.tinode-server.com:6060/v0/file/u/' from origin 'https://www.domain1.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.Webapp is located not on the same server where Tinode is running and actually I don't know if Tinode does not allow upload files from a different server or I have another problem.tinode.conf file contains "cors_origins" for both fs and s3.The issue has been reported already here and the answer was that cors is not supported for fs. I have the lastest version of Tinode but the fix does not work. Not only for fs, but for s3 either.
Your request is really not informative. You probably misconfigured something.
Gene Sokolov
May 21, 2021, 8:40:29 PM5/21/21
to tin...@googlegroups.com
I think I know what you are doing wrong. You are serving Tinode webapp from a third party web server like Apache or Nginx and that server is not configured for CORS.
--
You received this message because you are subscribed to the Google Groups "Tinode General" group.
To unsubscribe from this group and stop receiving emails from it, send an email to tinode+un...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/tinode/64502d1d-7a1f-4c93-881c-3dcba1a8d09cn%40googlegroups.com.
Soy yo
May 24, 2021, 11:53:50 AM5/24/21
to Tinode General
Yes, I am serving Tinode webapp from Nginx and it's in a subdirectory, for example:
https://tinodeserver.com:6060/v0/file/u/
Referrer Policy:
strict-origin-when-cross-origin
Request Headers
Provisional headers are shown
Accept:
*/*
Content-Type:
multipart/form-data; boundary=----WebKitFormBoundaryBEzCgxmZNQ3ULvnJ
Referer:
https://www.parent-app.com /
sec-ch-ua:
" Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile:
?0
User-Agent:
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
X-Tinode-APIKey:
***
X-Tinode-Auth:
Token ***
Tinode is running on another server, for example:
I don't see any other problems with it. I do it because when user logs into the parent website, at the same time he automatically logs into Tinode. Login process saves the token, and when user access Tinode https://parent-app.com/tinode/ (I replaced index.html with index.php), the script checks session data, retrieves saved token and user don' t need to login one more time to Tinode.
Parent website, being a single website) has 2 domains with different design and content depending of the domain. So, in Tinode I also need to have different designs depending of the domain. That's why I serve the Webapp in this way and that's why it's located in a subdirectory. The only thing I changed was service-worker.js location. It should be in the root directory but it causes same conflicts and it's not possible to upload files files on the parent app (not related to Tinode), so, I changed '/service-worker.js' to 'service-worker.js'
So, when I try to upload files in the Webapp, the request is coming from:
Error that appears says: No 'Access-Control-Allow-Origin' header is present on the requested resource. The requested source is https://tinodeserver.com:6060/v0/file/u/. No?
Maybe I don't understand someething with cors but I also have a php script that uploads files
So, in the php script on https://uploads.parent-app.com/ I have something like this:
header('Access-Control-Allow-Origin: 'https://parent-app.com');
header("Access-Control-Allow-Credentials: true");
header('Access-Control-Allow-Methods: HEAD, GET, PUT, POST, OPTIONS');
....
and that's all. I don't need any configuration on the parent server. So, I wonder why there is no 'Access-Control-Allow-Origin' header on https://tinodeserver.com:6060/v0/file/u/ when I try to upload files from the Webapp...
All error messages:
Access to fetch at '
https://tinodeserver.com:6060/v0/file/u/ ' from origin '
https://parent-app.com/ ' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Uncaught (in promise) TypeError: Failed to fetch service-worker.js:1
Headers:
Request URL:
https://tinodeserver.com:6060/v0/file/u/
Referrer Policy:
strict-origin-when-cross-origin
Request Headers
Provisional headers are shown
Accept:
*/*
Content-Type:
multipart/form-data; boundary=----WebKitFormBoundaryBEzCgxmZNQ3ULvnJ
Referer:
https://www.parent-app.com /
sec-ch-ua:
" Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile:
?0
User-Agent:
Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
X-Tinode-APIKey:
***
X-Tinode-Auth:
Token ***
Soy yo
May 28, 2021, 10:38:38 AM5/28/21
to Tinode General
The problem is that Tinode does not handle preflight requests and does not send the correct preflight response. I didn't check it before being sure that it should work because tinode.conf file contains cors_origins option.
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, x-tinode-apikey, x-tinode-auth
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Access-Control-Allow-Origin:https://paren-app.com
If among cors_origins values is for example,
https://parent-app.com, headers returned to OPTIONS request should be something like this:
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Access-Control-Allow-Origin:https://paren-app.com
but instead of this Tinode returns 401 error even if a request contains X-Tinode-APIKey and X-Tinode-Auth
Experiment with Nginx
I modified the webapp so that it sends files to https://tinodeserver.com/v0/file/u/ instead of https://tinodeserver.com:6060/v0/file/u/
Then on the server where Tinode is running (not the webapp) I modified Nginx configuration file:
server {
listen 80;
listen 443 ssl;
location / {
...
}
location /v0/file/u/ {
if ($request_method ~* "(GET|POST|OPTIONS)") {
add_header 'Access-Control-Allow-Origin' 'https://parent-app.com' always;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept, x-tinode-apikey, x-tinode-auth";
return 200;
}
proxy_pass https://tinodeserver.com:6060/v0/file/u/;
}
...
...
}
Yes, now I am not getting cors errors anymore and can upload files to S3 but in the webapp file uploading process hungs forever.
1. In the webapp I select a file, click on Send.
2. Appears message "uploading", then "terminating" that never terminates
3. Appears message XHR finished loading: POST https://tinodeserver.com/v0/file/u/ and then this error
When I check Amazon AWS console, I see uploaded files but webapp after uploading file does not get any response from Tinode.
No messages/errors on Tinode. Nothing in the log, It's like I wouldn't have done absolutely anything.
I am completely desperate. Spent almost a year setting up Tinode with rest auth, synchronisation of blacklists, groups, avatars, etc, etc with the parent website, and now this...
As I understand, there is no way to upload files if the Webapp is not running on the same domain. If so, I just have to forgot about Tinode and look for another solutions.
Soy yo
May 28, 2021, 12:26:43 PM5/28/21
to Tinode General
Forgot to post. This is response when I upload file over Nginx:
code: 200
id: "123928"
params: {url: "/v0/file/s/ALSVoZwwhMk.bin"}
text: "ok"
ts: "2021-05-28T16:23:23.42Z"
Gene
May 28, 2021, 2:15:01 PM5/28/21
to Tinode General
On Friday, May 28, 2021 at 7:38:38 AM UTC-7 Soy yo wrote:
The problem is that Tinode does not handle preflight requests
It does.
and does not send the correct preflight response.
It sends a correct response, just not the one you expect.
Soy yo
May 28, 2021, 6:14:30 PM5/28/21
to Tinode General
The response not expect me but browser, Chrome.
Soy yo
Jun 1, 2021, 4:45:29 AM6/1/21
to Tinode General
I can upload over Nginx. - to the filesystem and to S3. The problem is that after uploading a file appears this error:
Uncaught TypeError: Cannot read property 'url' of undefined at XMLHttpRequest.xhr.onload (tinode.prod.js:1)
and Webapp doesn't send message.
I can not understand, why Webapp can not read property 'url' if it's being received. Cold be a problem that url is relative and not absolute?
Response:
{"ctrl":{"id":"72022","params":{"url":"/v0/file/s/4Rn7CxQT1yo.mp4"},"code":200,"text":"ok","ts":"2021-06-01T07:12:21.346Z"}}
Tinode log:
I2021/06/01 08:12:21 aws upload success 4Rn7CxQT1yo.mp4 key 4em7wcyucplsu id 4Rn7CxQT1yo
I2021/06/01 08:12:21 media upload: 200 ok / <nil>
Headers
General
Request URL: https://www.***.net/v0/file/u/
Request Method: POST
Status Code: 200 OK
Remote Address: ***:443
Referrer Policy: strict-origin-when-cross-origin
Response headers
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, x-tinode-apikey, x-tinode-auth
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Access-Control-Allow-Origin: https://www.***.com
Connection: keep-alive
Content-Encoding: gzip
Content-Length: 135
Content-Type: application/json; charset=utf-8
Date: Tue, 01 Jun 2021 07:12:21 GMT
Vary: Accept-Encoding
Request headers:
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: es-ES,es;q=0.9
Connection: keep-alive
Content-Length: 3236725
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryIAasG5jyGFBPuA1F
Host: www.***.net
Origin: https://www.***.com
Referer: https://www.***.com/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="90", "Google Chrome";v="90"
sec-ch-ua-mobile: ?0
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/90.0.4430.212 Safari/537.36
X-Tinode-APIKey: A***O
X-Tinode-Auth: Token H***=
Form data
file: (binary)
id: 72022
Nginx configuration
server {
listen 80;
listen 443 ssl;
.....
location / {
.....
}
location /v0/file/u/ {
if ($request_method = OPTIONS) {
add_header 'Access-Control-Allow-Origin' 'https://www.***.com' always;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept, x-tinode-apikey, x-tinode-auth";
add_header 'Content-Type' 'text/plain; charset=utf-8';
add_header 'Content-Length' 0;
}
if ($request_method = POST) {
add_header 'Access-Control-Allow-Origin' 'https://www.***.com' always;
add_header "Access-Control-Allow-Methods" "GET, POST, OPTIONS, HEAD";
add_header 'Access-Control-Allow-Credentials' 'true';
add_header "Access-Control-Allow-Headers" "Authorization, Origin, X-Requested-With, Content-Type, Accept, x-tinode-apikey, x-tinode-auth";
}
Soy yo
Jun 9, 2021, 6:45:05 AM6/9/21
to Tinode General
If it sends correct response, why it does not contain things like this?
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, x-tinode-apikey, x-tinode-auth
Access-Control-Allow-Methods: GET, POST, OPTIONS, HEAD
Access-Control-Allow-Origin: https://www.***.com
This is OPTIONS request and response headers:
El viernes, 28 de mayo de 2021 a las 19:15:01 UTC+1, Gene escribió:
Gene
Jun 9, 2021, 3:17:52 PM6/9/21
to Tinode General
$ curl -I -X OPTIONS http://localhost:6060/v0/file/u/ -H "X-Tinode-APIKey: AQEAAAABAAD_rAp4DJh05a1HAwFT3A6K" -H "X-Tinode-Auth: Token 3Aq15JKi90l/ftNgFAABAAEAbNPZkZjKhvd6ZhILKAuwdOdz2Kuc76rWf3yMJyBySt0="
HTTP/1.1 200 OK
Date: Wed, 09 Jun 2021 19:14:53 GMT
Content-Length: 0
If you need something else, please send a pull request.
HTTP/1.1 200 OK
Date: Wed, 09 Jun 2021 19:14:53 GMT
Content-Length: 0
If you need something else, please send a pull request.
Soy yo
Jun 10, 2021, 11:51:44 AM6/10/21
to Tinode General
I would not need something else if I could achieve that it works over nginx proxy. Actually, it works but Webapp does not recognise server response as a valid response:
Why this response is invalid?
And then appear errors like:
Uncaught TypeError: Cannot read property 'ctrl' of undefined
at XMLHttpRequest.xhr.onload
Uncaught TypeError: Cannot read property 'url' of undefined
at XMLHttpRequest.xhr.onload
Gene
Jun 10, 2021, 12:14:27 PM6/10/21
to Tinode General
If you think there is a bug in Tinode then please give me a way to reproduce it. Or debug it yourself and describe what exactly is not working as it should.
Soy yo
Jun 30, 2021, 10:43:23 AM6/30/21
to Tinode General
This fix fixes what?
When sending OPTIONS request to Tinode, it still does not return
"Access-Control-Allow-Origin": allowedOrigin,
Gene
Jun 30, 2021, 2:20:22 PM6/30/21
to Tinode General
There are two options:
1. You can provide me with a setup or setup instructions (like a docker container) which would allow me to reproduce the problem.
2. You can debug the problem yourself and send a pull request or at least a specific explanation of the problem.
Soy yo
Jul 1, 2021, 6:59:51 AM7/1/21
to Tinode General
You can see the problem without any specific installation or setup by doing the following:
1. change tinode.conf file on sandbox.tinode.co and add
"cors_origins": ["web.tinode.co"] within s3 or fs depending of which media handler uses sandbox.tinode.co
2. Restart Tinode on sandbox.tinode.co
3. Open in Chrome web.tinode.co
4. Click on Settings and change server from web.tinode.co to sandbox.tinode.co
5. Login with dave:dave123
6. Open Developer Tools on Chrome.
7. Try to send a large file to some topic.
Result
You can not upload a file from Webapp hosted on web.tinode.co to the server sandbox.tinode.co
You will get Cors error because Tinode does not respond correctly to the OPTIONS request:
Expected result
If on the server sandbox.tinode.co among the domains in:
"cors_origins": ["web.tinode.co","example2.com","example3.com"]
configuration exists web.tinode.co, the server sandbox.tinode.co should return to the OPTIONS request something like this:
Access-Control-Allow-Origin: https://web.tinode.co
Access-Control-Allow-Methods: HEAD, GET, PUT, POST, OPTIONS
Access-Control-Max-Age: 1000
Access-Control-Allow-Credentials: true
but it doesn´t and it makes imposible to upload files to sandbox.tinode.co if the webapp is hosted on another domain.
Gene
Jul 1, 2021, 6:14:27 PM7/1/21
to Tinode General
On Thursday, July 1, 2021 at 3:59:51 AM UTC-7 Soy yo wrote:
You can see the problem without any specific installation or setup by doing the following:1. change tinode.conf file on sandbox.tinode.co and add
"cors_origins": ["web.tinode.co"] within s3 or fs depending of which media handler uses sandbox.tinode.co
Sorry, no. Use curl (https://curl.se/) or a similar tool. Show what you are sending, what you are receiving, what you expect and why the response is wrong.
Or provide me with a docker container or specific setup instructions.
Ons Ta
Jul 2, 2021, 12:33:19 PM7/2/21
to Tinode General
1. change tinode.conf file on sandbox.tinode.co and add"cors_origins": ["web.tinode.co"] within s3 or fs depending of which media handler uses sandbox.tinode.coSorry, no. Use curl (https://curl.se/) or a similar tool. Show what you are sending, what you are receiving, what you expect and why the response is wrong.Or provide me with a docker container or specific setup instructions.
I have Tinode installed from Binaries but the problem not depends of the installation or setup.
If the webapp is hosted on domain1.com but Tinode's server runs on domain2.com, (different domains) all the browsers before sending a real POST request (before uploading file) will send a preflight request OPTIONS. If browser does not receive a correct preflight response, file upload fails.
Below you can see the current request and response when file upload fails:
Correct response to the preflight OPTIONS request that works:
When receiving OPTIONS request from domain1.com, Tinode that runs on domain2.com should check if domain1.com is among the allowed domains in:
"cors_origins": ["domain1.com","domain2.com","domain3.com"]
configuration. If it is, the response from Tinode should contain:
Access-Control-Allow-Origin: https://domain1.com
Access-Control-Allow-Methods: HEAD, GET, PUT, POST, OPTIONS
Access-Control-Max-Age: 1000
Access-Control-Allow-Credentials: true
Without it it's not possible to upload files if the webapp are hosted on a different domain than Tinode's server.
Gene
Jul 2, 2021, 5:42:20 PM7/2/21
to Tinode General
I added CORS handing to devel branch:
Please test it and let me know if it works. Then I'll make a release. Thanks.
Ons Ta
Jul 3, 2021, 6:59:29 AM7/3/21
to Tinode General
Thank you, ok I will test it.
Gene
Jul 6, 2021, 11:36:38 AM7/6/21
to Tinode General
If I don't hear from you I'm going to make a release tomorrow.
Reply all
Reply to author
Forward
0 new messages