Uploaded image for project: 'HPCC'
  1. HPCC
  2. HPCC-19049

CORS + Auth failure

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 6.4.6
    • Fix Version/s: 6.4.12
    • Component/s: ESP
    • Labels:
      None
    • Environment:
      Dataland

      Description

      JS To reproduce in chrome:

      fetch('http://10.241.12.207:8010/WsWorkunits/WUQuery.json', {
          credentials: "include"
      }).then(function (response) {
          if (!response.ok)
              throw new Error(response.statusText);
          return response.text();
      }).then(function (body) { return console.log("Success:  " + body); }).catch(function (e) { return console.log("Error:  " + e.message); });
      

      Error reported by chrome:

      The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. Origin 'http://localhost:8000' is therefore not allowed access.
      

      Expected header response:

      Access-Control-Allow-Origin: http://localhost:8000
      Access-Control-Allow-Credentials: true
      ...
      

      Actual header response:

      Access-Control-Allow-Origin: *
      ...
      

      Third party example (working):

      fetch("http://httpbin.org/basic-auth/gosmith/mypass", {
          credentials: "include"
      }).then(function (response) {
          if (!response.ok)
              throw new Error(response.statusText);
          return response.text();
      }).then(function (body) { return console.log("Success:  " + body); }).catch(function (e) { return console.log("Error:  " + e.message); });
      

        Attachments

          Activity

            People

            • Assignee:
              afishbeck Anthony Fishbeck
              Reporter:
              gordonsmith Gordon Smith
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: