CORS I'm struggling

[flare04]

I installed ara-web from source page shows correctly other than the CORS section

The error in the browser console is

Access to XMLHttpRequest at 'http://ara.domain.com.au:8000/api/v1/' from origin 'http://ara.domain.com.au:3000' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The error on the ara-manage server is

Exception happened during processing of request from ('ip address', 38304)
Traceback (most recent call last):
  File "/usr/lib64/python3.6/socketserver.py", line 654, in process_request_thread
    self.finish_request(request, client_address)
  File "/usr/lib64/python3.6/socketserver.py", line 364, in finish_request
    self.RequestHandlerClass(request, client_address, self)
  File "/usr/lib64/python3.6/socketserver.py", line 724, in __init__
    self.handle()
  File "/usr/local/lib/python3.6/site-packages/django/core/servers/basehttp.py", line 171, in handle
    self.handle_one_request()
  File "/usr/local/lib/python3.6/site-packages/django/core/servers/basehttp.py", line 179, in handle_one_request
    self.raw_requestline = self.rfile.readline(65537)
  File "/usr/lib64/python3.6/socket.py", line 586, in readinto
    return self._sock.recv_into(b)
  ConnectionResetError: [Errno 104] Connection reset by peer

To get to that error I need to start ara-manage in the following manner

export ARA_CORS_ORIGIN_WHITELIST="['https://ara.domain.com.au', 'https://server.domain.com.au']"
export ARA_ALLOWED_HOSTS="['.domain.com.au', '<server ip>','<client ip>']"

/usr/local/bin/ara-manage runserver <server ip>:8000 --settings ara.server.settings 

I gave up on trying to setup the settings.yaml file for allowed host it just seemed to always ignore them

This is running on CentOS 8
If I use the CLI from the same host as the browser I get information

[dmsimard]

Hi @flare04 o/

CORS issues are not fun. Maybe you can find something in another CORS issue that would ring a bell: #18

or maybe I can help and we try to figure it out :)

We have a live demo deployment of ara-web here: https://web.demo.recordsansible.org/
and it is set up to talk to this API server: https://api.demo.recordsansible.org/

So there is some CORS action going on and it works.

The relevant parts of the configuration are available in the playbook used to deploy them:
https://github.com/ansible-community/ara-infra/blob/45c8a7a5ba8f2d8ca1f8444a5e4c6266ac9d3512/playbooks/live-demo.yaml#L11-L18 (roles are here)

I think the ara_api_cors_origin_allow_all: true was meant to be temporary while we figured out what were the right rules to use and it stayed like that ¯\(ツ)/¯

Truth be told, I haven't had much time to spend on ara-web but I'd be happy to try to point you in the right direction and we can improve the docs if necessary.

[flare04]

Hi,

Thanks for your quick response
export ARA_CORS_ORIGIN_ALLOW_ALL=true
"fixed" it for me, note it is already set in the settings.yaml file
I swear it's not reading this file, even though it reports it is

[dmsimard]

@flare04 I got a feeling you might be hitting a settings regression: ansible-community/ara#149

Could you try pinning dynaconf to <3.0.0 and see if that fixes it ? The bug is on my todo list.

[bendem]

I might be years late, but I'd like to provide my two cents so this issue can be closed:

You say the browser tells you

Access to XMLHttpRequest at 'http://ara.domain.com.au:8000/api/v1/' from origin 'http://ara.domain.com.au:3000/' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Which means you are browsing from http://ara.domain.com.au:3000/.

The config pasted mentions 'https://ara.domain.com.au', 'https://server.domain.com.au'. Both of which are not what you are using, so it's only normal that it doesn't work. I don't know about ara reading settings, but those origins are not the ones you are using so it's never going to work. You need to provide the actual origin, that is, the actual url (without path) of the page you are browsing. Failing that, your config will never work. If you tried with another config, I didn't see it.