-
Notifications
You must be signed in to change notification settings - Fork 2.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
bug: Access-Control-Allow-Origin is manipulated incorrect when using grpc-web and cors plugins in the same route #6834
Comments
hi @yalcinyildiz pls show error logs in issue |
hello @tzssangglass. I updated my first comment, also the document. |
I cann't open the doc file on my machine…… |
Could you try them? If you cannot open these files as well, please share an alternative way for me. |
yes, I can touch these files and I would work on this. |
Current Behavior
We have gprc services that do and do not require authentication. Grpc services that do not require authentication can be perfectly consumed by web clients after using grpc-web and cors plugins. But we are experiencing cors issues on client side for the grpc services that do require authentication.
Grpc-web plugin manipulates allow-origin and allow-headers cors headers incorrect when it is used with cors plugin in the same route as you can see in section 3.3 of the document.
Grpc-web plugin manipulates allow-origin cors header incorrect when it is used with global cors plugin as you can see in section 3.4 of the document.
Expected Behavior
Cors headers are expected to be set with configured value in cors plugin.
Error Logs
Since the problem occurs on the client-side, APISIX does not produce any error logs. The first line is generated after invoking service with Kreya App. Second&third lines are generated after invoking service by Web Client.
172.21.0.1 - - [13/Apr/2022:05:49:05 +0000] localhost:9080 "POST /hello.HelloGrpc/SayHello HTTP/1.1" 200 55 0.021 "-" "grpc-dotnet/2.40.0.0" 192.168.1.78:9000 200 0.020 "grpc://192.168.1.78"
172.21.0.1 - - [13/Apr/2022:05:49:16 +0000] localhost:9080 "OPTIONS /hello.HelloGrpc/SayHello HTTP/1.1" 200 5 0.000 "http://localhost:4200/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 OPR/85.0.4341.60" - - - "http://localhost:9080"
172.21.0.1 - - [13/Apr/2022:05:49:16 +0000] localhost:9080 "POST /hello.HelloGrpc/SayHello HTTP/1.1" 200 55 0.015 "http://localhost:4200/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/99.0.4844.84 Safari/537.36 OPR/85.0.4341.60" 192.168.1.78:9000 200 0.010 "grpc://192.168.1.78"
Steps to Reproduce
You can use the documentation to better understand and reproduce the problem.
grpc-web cors error.docx
Environment
apisix version
): apache/apisix:2.13.0-alpine docker imageuname -a
): Linux d56fe896abc6 5.10.16.3-microsoft-standard-WSL2 change: added doc of how to load plugin. #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86_64 Linuxopenresty -V
ornginx -V
): nginx version: openresty/1.19.9.1 built by gcc 10.3.1 20210424 (Alpine 10.3.1_git20210424)luarocks --version
): 3.8.0The text was updated successfully, but these errors were encountered: