CORS: Error Response Headers without access-control-allow-origin: *

Question

CORS: Error Response Headers without access-control-allow-origin: *

NikitaIT opened this issue 2 years ago · comments

Nikita commented 2 years ago

Swagger show CORS error instead of Error 400.

OS Version:

Chrome

Expected behavior

curl -X 'GET' \
  'https://testnet.veblocks.net/accounts/015034aa590125b64023a0262112b98d72e3c8e40e' \
  -H 'accept: application/json'

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-genesis-id
access-control-allow-methods: GET, POST, OPTIONS, HEAD
+ access-control-allow-origin: *
access-control-expose-headers: x-genesis-id,x-thorest-ver
access-control-max-age: 86400
...

Actual behavior

Errors without access-control-allow-origin: *

Ok

curl -X 'GET' \
  'https://testnet.veblocks.net/accounts/0x5034aa590125b64023a0262112b98d72e3c8e40e' \
  -H 'accept: application/json'

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-genesis-id
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-allow-origin: *
access-control-expose-headers: x-genesis-id,x-thorest-ver
access-control-max-age: 86400
...

Error 400: address: invalid prefix

curl -X 'GET' \
  'https://testnet.veblocks.net/accounts/015034aa590125b64023a0262112b98d72e3c8e40e' \
  -H 'accept: application/json'

access-control-allow-headers: DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,x-genesis-id
access-control-allow-methods: GET, POST, OPTIONS, HEAD
access-control-expose-headers: x-genesis-id,x-thorest-ver
access-control-max-age: 86400
...

Steps to reproduce the behavior

Go to https://testnet.veblocks.net/accounts/015034aa590125b64023a0262112b98d72e3c8e40e

libotony · Answer 1 · Thu Jun 09 2022 11:07:10 GMT+0800 (China Standard Time)

I think this is not the CORS issue. The error is Error 400: address: invalid prefix, check the address you provided. It should be

- 015034aa590125b64023a0262112b98d72e3c8e40e
+ 0x5034aa590125b64023a0262112b98d72e3c8e40e

Nikita · Answer 2 · Thu Jun 09 2022 15:41:55 GMT+0800 (China Standard Time)

@libotony I checked the errors returned by the API. And in the case of a valid request(0x5034aa590125b64023a0262112b98d72e3c8e40e), everything works fine as I indicated above. But if the request result is error (address: invalid prefix), then there is no CORS header in it.

Nikita · Answer 3 · Thu Jun 09 2022 15:53:02 GMT+0800 (China Standard Time)

In my case, I want to extend the Swagger config to generate the client correctly. This requires a bit of config tweaking. But I can't test it quickly without proxy due to CORS.

responses:
        '200':
          description: OK
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/Account'
        '400':
          description: Error
          content:
            text/plain:
              schema:
                format: 'ValidationError'
                type: string

libotony · Answer 4 · Thu Jun 09 2022 15:57:16 GMT+0800 (China Standard Time)

Sorry, I just got your point. You need access-control-allow-origin to present even if it's a bad request right?

Nikita · Answer 5 · Thu Jun 09 2022 15:58:30 GMT+0800 (China Standard Time)

@libotony yes

libotony · Answer 6 · Thu Jun 09 2022 16:31:48 GMT+0800 (China Standard Time)

I'll look into that.

libotony · Answer 7 · Thu Jun 09 2022 18:23:32 GMT+0800 (China Standard Time)

@NikitaIT I have tested locally, thor returns access-control-allow-origin header when it's 400, it might be the configuration of testnet.veblocks.net. You can try https://vethor-node-test.vechaindev.com instead. I'll talk to the admin of veblocks about this.

libotony · Answer 8 · Wed Jun 15 2022 10:36:43 GMT+0800 (China Standard Time)

@NikitaIT The admin of veblocks has fixed the issue.