Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Web wallet broken by CORS #2166

Closed
diachedelic opened this issue Dec 16, 2018 · 7 comments
Closed

Web wallet broken by CORS #2166

diachedelic opened this issue Dec 16, 2018 · 7 comments

Comments

@diachedelic
Copy link

diachedelic commented Dec 16, 2018
edited
Loading

Running on [email protected]

Grin is built from master#9a4895c8

Running the web wallet gives me the following error:

image

First error from devtools:

Access to XMLHttpRequest at 'http://localhost:13420/v1/wallet/owner/node_height' 
from origin 'http://localhost:13421' has been blocked by CORS policy: 
No 'Access-Control-Allow-Origin' header is present on the requested resource.

Owner API is definitely running:

$ lsof -i -P | grep LISTEN | grep grin
grin      68644 me   24u  IPv4 0x3700e1bf808ea46b      0t0  TCP localhost:13413 (LISTEN)
grin      68644 me   25u  IPv4 0x3700e1bf76e56aeb      0t0  TCP *:13414 (LISTEN)
grin      69059 me    5u  IPv4 0x3700e1bf7e437deb      0t0  TCP localhost:13421 (LISTEN)
grin      69059 me   16u  IPv4 0x3700e1bf7cab646b      0t0  TCP localhost:13420 (LISTEN)
@diachedelic
Copy link
Author

  • Chrome: Version 71.0.3578.98 (Official Build) (64-bit)
  • Firefox: 51.0.1 (64-bit)

@codeb2cc
Copy link

The create_ok_response and response function in wallet/src/controller.rs is missing header("access-control-allow-headers", "Content-Type")

@diachedelic
Copy link
Author

@codeb2cc actually, it appears that the browser is receiving a Basic authentication challenge:

# General
Request URL: http://localhost:13420/v1/wallet/owner/node_height
Request Method: GET
Status Code: 401 Unauthorized
Remote Address: 127.0.0.1:13420
Referrer Policy: no-referrer-when-downgrade
# Response
content-length: 0
date: Tue, 18 Dec 2018 00:35:05 GMT
www-authenticate: Basic realm=GrinOwnerAPI

Because the 401 response does not have an Access-Control-Allow-Origin header, it throws a CORS error.

Chrome console output:

GET http://localhost:13420/v1/wallet/owner/node_height 401 (Unauthorized)

Access to XMLHttpRequest at 'http://localhost:13420/v1/wallet/owner/node_height' from origin 'http://127.0.0.1:13421' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

@joaovpmamede joaovpmamede mentioned this issue Dec 27, 2018
Open
@okjintao
Copy link

okjintao commented Jan 6, 2019

Run chrome using

open -a Google\ Chrome --args --disable-web-security --user-data-dir

then open the page

@mikeyb
Copy link

mikeyb commented Jan 18, 2019

I use the plugin moesif-origin-cors-change on chrome to bypass cors issue when hitting localhost apps. I prefer that over running with --disable-web-security

@0xmichalis
Copy link
Contributor

The web wallet is archived/non functional - this issue can be closed @yeastplume

@quentinlesceller
Copy link
Member

Closing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@mikeyb @codeb2cc @diachedelic @0xmichalis @okjintao @quentinlesceller