Config for Cors headers seems lost during the config refactoring #1340

Closed
individual-it opened this issue Jan 27, 2020 · 13 comments · Fixed by #2666, #4723 or #4948

@individual-it
Member

When setting the Origin header, e.g. curl http://localhost:9140/ocs/v2.php/config -u user0:123456 -H "Origin: https://aphno.badal" -v

The server replies with Access-Control-Allow-Origin: *

@PVince81
Contributor

Need to discuss whether it makes sense and, if not, what values need to be embedded there and where they are configured.

@C0rby
Contributor

C0rby commented May 13, 2020

@butonic butonic transferred this issue from owncloud/ocis-reva Jan 18, 2021
@refs refs changed the title wildcard Access-Control-Allow-Origin Wildcard Access-Control-Allow-Origin Jan 19, 2021
@refs refs added Category:Technical Technical ehancements Type:Discussion labels Jan 19, 2021
@refs
Member

refs commented Jan 19, 2021

Still relevant and we should keep it in close sight 👍

@stale

stale bot commented Jun 6, 2021

This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 10 days if no further activity occurs. Thank you for your contributions.

@stale stale bot added the Status:Stale label Jun 6, 2021
@refs refs added Category:Research Research is needed and removed Type:Discussion labels Jun 11, 2021
@stale stale bot removed the Status:Stale label Jun 11, 2021
@refs
Member

refs commented Jun 11, 2021

We need clear input here on what we want to do in such a scenario. Once we have an actionable item we should schedule it and just do it ™️

@C0rby C0rby mentioned this issue Oct 21, 2021
3 tasks
@SwikritiT
Contributor

Re-opening as the server still replies with Access-Control-Allow-Origin: *

curl https://localhost:9200/ocs/v2.php/config -u admin:admin -H "Origin: https://aphno.badal" -vk
*   Trying 127.0.0.1:9200...
* TCP_NODELAY set
* Connected to localhost (127.0.0.1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: /etc/ssl/certs/ca-certificates.crt
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: May 25 05:08:52 2022 GMT
*  expire date: May 25 05:08:52 2023 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: unable to get local issuer certificate (20), continuing anyway.
* Server auth using Basic with user 'admin'
> GET /ocs/v2.php/config HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.68.0
> Accept: */*
> Origin: https://aphno.badal
> 
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Location
< Content-Length: 255
< Content-Type: text/xml; charset=utf-8
< Date: Thu, 26 May 2022 11:11:38 GMT
< Ocs-Api-Version: 2
< Vary: Origin
< 
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host localhost left intact
<ocs><meta><status>ok</status><statuscode>200</statuscode><message>OK</message></meta><data><version>1.7</version><website>ownCloud</website><host>localhost:9200</host><contact></contact><ssl>false</ssl></data></ocs>%                                                                                                         

@SwikritiT SwikritiT reopened this May 26, 2022
@micbar
Contributor

micbar commented Sep 29, 2022

@SwikritiT This should be configurable. I can see the values in the ocis config file examples.

I fear that the ENV variables have been lost in the config refactoring.

@micbar
Contributor

micbar commented Sep 29, 2022

> I fear that the ENV variables have been lost in the config refactoring.

Correct

Needs fixing.

@micbar micbar changed the title Wildcard Access-Control-Allow-Origin Config for Cors headers seems lost during the config refactoring Sep 29, 2022
@micbar micbar added Type:Bug Priority:p2-high Escalation, on top of current planning, release blocker and removed Category:Technical Technical ehancements Category:Research Research is needed labels Sep 29, 2022
@micbar micbar added this to the 2.0.0 General Availability milestone Sep 29, 2022
@micbar
Contributor

micbar commented Sep 29, 2022

The config from this PR https://github.com/owncloud/ocis/pull/2666/files has somehow been "refactored out" 😄

@butonic
Member

butonic commented Sep 30, 2022

@mmattel I'll take a look and ping you in the PR

@grgprarup
Contributor

I have started oCIS server with the env variable OCIS_CORS_ALLOW_ORIGINS="https://aphno.badal", but curl https://localhost:9200/ocs/v2.php/config -u admin:admin -H "Origin: https://aphno.badal" -vk gives Access-Control-Allow-Origin: *

Trying 127.0.0.1:9200...
* Connected to localhost (127.0.0.1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: Oct 12 04:13:00 2022 GMT
*  expire date: Oct 12 04:13:00 2023 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /ocs/v2.php/config HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.81.0
> Accept: */*
> Origin: https://aphno.badal
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: *
< Access-Control-Expose-Headers: Location
< Content-Length: 255
< Content-Type: text/xml; charset=utf-8
< Date: Wed, 12 Oct 2022 07:10:22 GMT
< Ocs-Api-Version: 2
< Vary: Origin
< 
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host localhost left intact
<ocs><meta><status>ok</status><statuscode>200</statuscode><message>OK</message></meta><data><version>1.7</version><website>ownCloud</website><host>localhost:9200</host><contact></contact><ssl>false</ssl></data></ocs>% 

@butonic Is there anything I missed on the setup for ocis?
CC @individual-it @mmattel @micbar @C0rby

@butonic
Member

butonic commented Nov 1, 2022

@grgprarup please reopen if this is not fixed on master.

@grgprarup
Contributor

> @grgprarup please reopen if this is not fixed on master.

Seems it's fixed.

curl https://localhost:9200/ocs/v2.php/config -u admin:admin -H "Origin: https://aphno.badal" -vk
*   Trying 127.0.0.1:9200...
* Connected to localhost (127.0.0.1) port 9200 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* TLSv1.0 (OUT), TLS header, Certificate Status (22):
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.2 (IN), TLS header, Certificate Status (22):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS header, Finished (20):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.2 (OUT), TLS header, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_128_GCM_SHA256
* ALPN, server did not agree to a protocol
* Server certificate:
*  subject: O=Acme Corp; CN=OCIS
*  start date: Nov  9 07:01:42 2022 GMT
*  expire date: Nov  9 07:01:42 2023 GMT
*  issuer: O=Acme Corp; CN=OCIS
*  SSL certificate verify result: self-signed certificate (18), continuing anyway.
* Server auth using Basic with user 'admin'
* TLSv1.2 (OUT), TLS header, Supplemental data (23):
> GET /ocs/v2.php/config HTTP/1.1
> Host: localhost:9200
> Authorization: Basic YWRtaW46YWRtaW4=
> User-Agent: curl/7.81.0
> Accept: */*
> Origin: https://aphno.badal
> 
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.2 (IN), TLS header, Supplemental data (23):
* Mark bundle as not supporting multiuse
< HTTP/1.1 200 OK
< Access-Control-Allow-Credentials: true
< Access-Control-Allow-Origin: https://aphno.badal
< Access-Control-Expose-Headers: Location
< Content-Length: 255
< Content-Type: text/xml; charset=utf-8
< Date: Wed, 09 Nov 2022 07:06:29 GMT
< Ocs-Api-Version: 2
< Vary: Origin
< 
<?xml version="1.0" encoding="UTF-8"?>
* Connection #0 to host localhost left intact
<ocs><meta><status>ok</status><statuscode>200</statuscode><message>OK</message></meta><data><version>1.7</version><website>ownCloud</website><host>localhost:9200</host><contact></contact><ssl>false</ssl></data></ocs>% 
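
The manual check repeated in this thread can be turned into a regression test. The script below is an added example, not part of the thread or of oCIS: it classifies the CORS response headers in `curl -v` output, so that `Access-Control-Allow-Origin: *` sent together with `Access-Control-Allow-Credentials: true` fails the check. The function names are hypothetical, and the sample headers are trimmed copies of the two responses shown above.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helper names, not oCIS code).
# Classify the CORS headers in `curl -v ... 2>&1` output read from stdin;
# $1 is the Origin value that was sent with the request.
cors_verdict() {
  awk -v origin="$1" '
    /^< / {                                  # curl -v marks response headers with "< "
      line = substr($0, 3); sub(/\r$/, "", line)
      i = index(line, ":"); if (i == 0) next # status line or blank separator
      name = tolower(substr(line, 1, i - 1)) # header names are case-insensitive
      value = substr(line, i + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", value)
      if (name == "access-control-allow-origin") acao = value
      if (name == "access-control-allow-credentials") acac = tolower(value)
    }
    END {
      if (acao == "") print "no-cors-header"
      else if (acao == "*" && acac == "true") print "wildcard-with-credentials"
      else if (acao == "*") print "wildcard"
      else if (acao == origin) print "origin-echoed"
      else print "other-origin"
    }'
}

# $1 = Origin sent, $2 = "allowed" if it is on the configured allow list, else "denied".
# Assumption: a denied origin gets no Access-Control-Allow-Origin, or a different one.
cors_expect() {
  verdict=$(cors_verdict "$1")
  case "$2:$verdict" in
    allowed:origin-echoed) return 0 ;;
    denied:no-cors-header|denied:other-origin) return 0 ;;
    *) echo "FAIL ($2 origin $1): $verdict" >&2; return 1 ;;
  esac
}

# Response headers trimmed from the curl runs in this thread.
before_fix() { printf '%s\n' '< HTTP/1.1 200 OK' \
  '< Access-Control-Allow-Credentials: true' \
  '< Access-Control-Allow-Origin: *' '< Vary: Origin'; }
after_fix() { printf '%s\n' '< HTTP/1.1 200 OK' \
  '< Access-Control-Allow-Credentials: true' \
  '< Access-Control-Allow-Origin: https://aphno.badal' '< Vary: Origin'; }

before_fix | cors_verdict "https://aphno.badal"
after_fix | cors_verdict "https://aphno.badal"
```

Against a running server, pipe the thread's own `curl ... -vk` command with `2>&1` into `cors_expect`, once for a configured origin (`allowed`) and once for an origin that is not configured (`denied`).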
