Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to configure CORS origins in multi-user Che #15631

Closed
6 of 23 tasks
vinokurig opened this issue Jan 8, 2020 · 8 comments
Closed
6 of 23 tasks

Unable to configure CORS origins in multi-user Che #15631

vinokurig opened this issue Jan 8, 2020 · 8 comments
Labels
status/analyzing An issue has been proposed and it is currently being analyzed for effort and implementation approach status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering.

Comments

@vinokurig
Copy link
Contributor

vinokurig commented Jan 8, 2020
edited
Loading

Describe the bug

Api requests to Che multi-user server from Che client side fail due to CORS error:

Access to XMLHttpRequest at 'http://che-che.192.168.99.194.nip.io/api/user&token=***' from origin 'http://serveru8v0e6p6-che-dev-server-3010.192.168.99.194.nip.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

There is no CHE_CORS_ALLOWED__ORIGINS item in the che config-map

Che version

  • latest
  • nightly
  • other: please specify

Steps to reproduce

build and launch a simple che-theia plugin that does:
che.github.uploadPublicSshKey('publicKey');

See CORS errors in the browser console

Expected behavior

Runtime

  • kubernetes (include output of kubectl version)
  • Openshift (include output of oc version)
  • minikube (include output of minikube version and kubectl version)
  • minishift (include output of minishift version and oc version)
  • docker-desktop + K8S (include output of docker version and kubectl version)
  • other: (please specify)

Screenshots

Installation method

  • chectl
  • che-operator
  • minishift-addon
  • I don't know

Environment

  • my computer
    • Windows
    • Linux
    • macOS
  • Cloud
    • Amazon
    • Azure
    • GCE
    • other (please specify)
  • other: please specify

Additional context
@vinokurig vinokurig added kind/bug Outline of a bug - must adhere to the bug report template. team/deploy labels Jan 8, 2020
@benoitf
Copy link
Contributor

benoitf commented Jan 8, 2020

you can't upload from nodejs ? (instead of doing it from client side)

@vinokurig vinokurig mentioned this issue Jan 8, 2020
Closed
@vinokurig
Copy link
Contributor Author

No, the request is called in the client side. the code described in the steps to reproduse is just an example the calls the request to che server from client side

@benoitf
Copy link
Contributor

benoitf commented Jan 8, 2020

@vinokurig yes but client can't call server side to do the operation ?

@benoitf benoitf added the status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering. label Jan 8, 2020
@vinokurig
Copy link
Contributor Author

@benoitf Why not? It is possible in the single user Che.

@skabashnyuk
Copy link
Contributor

skabashnyuk commented Jan 9, 2020
edited
Loading

CC @l0rd

@vinokurig cors is disabled intentionally #14921 since it is a source of a lot of security concerns. Could you please reimplement this functionality from the server-side.

@skabashnyuk skabashnyuk added status/analyzing An issue has been proposed and it is currently being analyzed for effort and implementation approach and removed kind/bug Outline of a bug - must adhere to the bug report template. team/deploy labels Jan 9, 2020
@skabashnyuk
Copy link
Contributor

@vinokurig we need to carefully discuss this topic with architects before we go any forward with CORS

@vinokurig
Copy link
Contributor Author

Closing as expected behaviour

@IveJ
Copy link

IveJ commented Jan 9, 2020 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
status/analyzing An issue has been proposed and it is currently being analyzed for effort and implementation approach status/info-needed More information is needed before the issue can move into the “analyzing” state for engineering.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@benoitf @skabashnyuk @vinokurig @IveJ