Posted to notifications@apisix.apache.org by GitBox <gi...@apache.org> on 2021/04/21 06:47:48 UTC

[GitHub] [apisix] totemofwolf opened a new issue #4095: bug: cors() does not work after modifying

totemofwolf opened a new issue #4095:
URL: https://github.com/apache/apisix/issues/4095


   ### Issue description
   
   ### Environment
   
   * apisix version (cmd: `apisix version`): APISIX/2.5
   * OS (cmd: `uname -a`): 2.5-alpine
   * OpenResty / Nginx version (cmd: `nginx -V` or `openresty -V`):
   * etcd version, if have (cmd: run `curl http://127.0.0.1:9090/v1/server_info` to get the info from server-info API): 3.4
   * apisix-dashboard version, if have: 2.5
   
   ### Minimal test code / Steps to reproduce the issue
   
   1. request:
   
   ```
   # request:
   
   curl 'http://pilot.x.work/apisix/admin/routes/350558925461914554' \
     -X 'PUT' \
     -H 'Connection: keep-alive' \
     -H 'Accept: application/json' \
     -H 'DNT: 1' \
     -H 'Authorization: ' \
     -H 'User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 11_2_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.128 Safari/537.36' \
     -H 'Content-Type: application/json;charset=UTF-8' \
     -H 'Origin: http://pilot.x.work' \
     -H 'Referer: http://pilot.x.work/routes/list' \
     -H 'Accept-Language: zh-CN,zh;q=0.9' \
     --data-raw '{
       "uris":[
           "/*"
       ],
       "name":"https_mapi-x",
       "desc":"https://x",
       "priority":10,
       "hosts":[
           "x"
       ],
       "vars":[
           [
               "scheme",
               "==",
               "https"
           ]
       ],
       "plugins":{
           "cors":{
               "allow_credential":true,
               "allow_headers":"*",
               "allow_methods":"*",
               "allow_origins":"https://x",
               "expose_headers":"*",
               "max_age":-1
           }
       },
       "upstream_id":"350558615033086906",
       "status":1
   }
     ' \
     --compressed \
     --insecure
   ```
   
   
   2. response:
   
   ```
   # curl the route with response:
   
   HTTP/2 404
   content-type: text/plain; charset=utf-8
   content-length: 18
   date: Wed, 21 Apr 2021 06:43:25 GMT
   server: APISIX/2.5
   access-control-allow-origin: *
   access-control-allow-methods: *
   access-control-max-age: 5
   access-control-expose-headers: *
   access-control-allow-headers: *
   
   ```
   
   ### What's the actual result? (including assertion message & call stack if applicable)
   
   ### What's the expected result?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



[GitHub] [apisix] totemofwolf commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
totemofwolf commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-825365422


   > > > This command doesn't send Origin header.
   > > > The client should run the CORS mechanism: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
   > > 
   > > 
   > > Not yet.
   > > ![WX20210422-155121](https://user-images.githubusercontent.com/1818214/115676983-a8eb4900-a382-11eb-8c4c-f08beb0f9969.png)
   > 
   > In the `curl` command, did you try to bring the `Origin` header? Example: `curl -I https://xxxyyy.com -H 'Origin: https://x'`
   
   If I set property `` in plugin: cors(), the response header will clear cors.....
   
   ```
     "plugins": {
       "cors": {
         "allow_origins": "https://www.xxx.cn"
       }
     }
   ```
   
   curl output: 
   ```
   HTTP/2 404
   content-type: text/plain; charset=utf-8
   content-length: 18
   date: Fri, 23 Apr 2021 03:37:33 GMT
   server: APISIX/2.5
   ```
   
   
   curl with -H 'Origin: ' returns ok:
   
   ```
   HTTP/2 404
   content-type: text/plain; charset=utf-8
   content-length: 18
   date: Fri, 23 Apr 2021 03:40:18 GMT
   server: APISIX/2.5
   access-control-allow-origin: https://www.xxx.cn
   vary: Origin
   access-control-allow-methods: *
   access-control-max-age: 5
   access-control-expose-headers: *
   access-control-allow-headers: *
   ```
   





[GitHub] [apisix] Firstsawyou commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-825321827


   > > This command doesn't send Origin header.
   > > The client should run the CORS mechanism: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
   > 
   > Not yet.
   > 
   > ![WX20210422-155121](https://user-images.githubusercontent.com/1818214/115676983-a8eb4900-a382-11eb-8c4c-f08beb0f9969.png)
   
   In the `curl` command, did you try to bring the `Origin` header? Example: `curl -I https://xxxyyy.com -H 'Origin: https://x'`





[GitHub] [apisix] Firstsawyou commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-823839683


   > "cors":{
   >             "allow_credential":true,
   >             "allow_headers":"*",
   >             "allow_methods":"*",
   >             "allow_origins":"https://x",
   >             "expose_headers":"*",
   >             "max_age":-1
   >         }
   
   `*` is used in other options, so the `allow_credential` field should not be set to `true`.
   <img width="1022" alt="截屏2021-04-21 下午3 16 44" src="https://user-images.githubusercontent.com/52862365/115513163-598b1700-a2b5-11eb-9fa6-122df672cb95.png">
   





[GitHub] [apisix] spacewander edited a comment on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
spacewander edited a comment on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-823955521


   > curl the route with response:
   
   How do you hit the route with curl? AFAIK, curl doesn't send Origin header by default.





[GitHub] [apisix] totemofwolf commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
totemofwolf commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-823928829


   > > "cors":{
   > > "allow_credential":true,
   > > "allow_headers":"*",
   > > "allow_methods":"*",
   > > "allow_origins":"https://x",
   > > "expose_headers":"*",
   > > "max_age":-1
   > > }
   > 
   > `*` is used in other options, so the `allow_credential` field should not be set to `true`.
   > <img alt="截屏2021-04-21 下午3 16 44" width="1022" src="https://user-images.githubusercontent.com/52862365/115513163-598b1700-a2b5-11eb-9fa6-122df672cb95.png">
   
   
   I only set this in route, but it does not work any more.
   
   ```
     "plugins": {
       "cors": {
         "allow_origins": "https://x"
       }
     }
   
   ```





[GitHub] [apisix] spacewander commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-823955521


   > # curl the route with response:
   
   How do you hit the route with curl? AFAIK, curl doesn't send Origin header by default.





[GitHub] [apisix] spacewander closed issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
spacewander closed issue #4095:
URL: https://github.com/apache/apisix/issues/4095


   





[GitHub] [apisix] Firstsawyou commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-823860957


   I tried it and it worked. You should check if there is a cors plugin configuration elsewhere.





[GitHub] [apisix] totemofwolf commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
totemofwolf commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-824604539


   > > curl the route with response:
   > 
   > How do you hit the route with curl? AFAIK, curl doesn't send Origin header by default.
   
   curl -I https://x
   
   





[GitHub] [apisix] Firstsawyou commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
Firstsawyou commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-825425091


   > If I set property `` in plugin: cors(), the response header will clear cors.....
   
   This is reasonable. The `CORS` function is implemented through the response headers related to `access-control-xxx`. If your request does not carry the `Origin` header, then the `allow_origins` authentication in the cors plugin fails, and there will be no `access-control-xxx` related response headers.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
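
The two points made in this thread, that the cors plugin adds `access-control-*` headers only when the request's `Origin` matches `allow_origins`, and that `allow_credential` should not be `true` while other options are `*`, modelled as an added Python example. It is not part of the original thread and is not APISIX code; `lint_cors`, `cors_headers` and the `DEFAULTS` table (read off the responses quoted in the thread) are hypothetical names and assumptions.

```python
# Added example: a model of the behaviour described in this thread, not APISIX source.
# Defaults are read off the response headers quoted in the thread (assumption).
DEFAULTS = {
    "allow_origins": "*", "allow_methods": "*", "allow_headers": "*",
    "expose_headers": "*", "max_age": 5, "allow_credential": False,
}
WILDCARD_KEYS = ("allow_origins", "allow_methods", "allow_headers", "expose_headers")


def lint_cors(conf):
    """Return every option left at `*` while allow_credential is true."""
    merged = {**DEFAULTS, **conf}
    if not merged["allow_credential"]:
        return []
    return [k for k in WILDCARD_KEYS if merged[k] == "*"]


def cors_headers(conf, request_headers):
    """Return the access-control-* headers the gateway would add, or {}."""
    merged = {**DEFAULTS, **conf}
    headers = {}
    if merged["allow_origins"] == "*":
        headers["access-control-allow-origin"] = "*"
    else:
        origin = request_headers.get("Origin")
        # Multiple origins are modelled as a comma-separated string (assumption).
        allowed = [o.strip() for o in merged["allow_origins"].split(",")]
        if origin not in allowed:
            return {}  # no Origin, or not on the list: no CORS headers at all
        headers["access-control-allow-origin"] = origin
        headers["vary"] = "Origin"
    headers["access-control-allow-methods"] = merged["allow_methods"]
    headers["access-control-max-age"] = str(merged["max_age"])
    headers["access-control-expose-headers"] = merged["expose_headers"]
    headers["access-control-allow-headers"] = merged["allow_headers"]
    if merged["allow_credential"]:
        headers["access-control-allow-credentials"] = "true"
    return headers


if __name__ == "__main__":
    route = {"allow_origins": "https://www.xxx.cn"}  # config from the thread
    print(cors_headers(route, {}))  # plain `curl -I`: no Origin header sent
    print(cors_headers(route, {"Origin": "https://www.xxx.cn"}))
    issue = {"allow_credential": True, "allow_headers": "*", "allow_methods": "*",
             "allow_origins": "https://x", "expose_headers": "*", "max_age": -1}
    print(lint_cors(issue))  # options that conflict with allow_credential
```
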



[GitHub] [apisix] totemofwolf commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
totemofwolf commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-824624272


   > This command doesn't send Origin header.
   > The client should run the CORS mechanism: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
   
   Not yet.
   
   ![WX20210422-155121](https://user-images.githubusercontent.com/1818214/115676983-a8eb4900-a382-11eb-8c4c-f08beb0f9969.png)
   





[GitHub] [apisix] spacewander commented on issue #4095: bug: cors() does not work after modifying

Posted by GitBox <gi...@apache.org>.
spacewander commented on issue #4095:
URL: https://github.com/apache/apisix/issues/4095#issuecomment-824622092


   This command doesn't send Origin header.
   The client should run the CORS mechanism: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

