These are chat archives for jsreport/jsreport

16th
Mar 2018
Ry Blaisdell
@rylincoln
Mar 16 19:08

I'm using nginx reverse proxy in front of jsreport docker image to add headers for Access-control-allow-origin" etc....

Is it somewhere in express that is adding an extra '*' to this header? Because I'm getting the following error and can't figure out where the extra wild card is coming from yet. Below, first wild card is not defined by me in nginx - it's coming from somewhere else. Found this thread while trying to troubleshoot(jsreport/jsreport-authentication#4)

Failed to load https://myserver.com/reporting/odata/templates?$select=name,shortid&$format=json: The 
'Access-Control-Allow-Origin' header contains multiple values '*, https://myotherserver.com,*', but only one is 
allowed. Origin 'https://myotherserver.com' is therefore not allowed access.
BJR Matos
@bjrmatos
Mar 16 19:18
hi! i think this is the part where the allow origin is set to “*” https://github.com/jsreport/jsreport-express/blob/master/lib/reporter.express.js#L125
same file just a little up
at that asterisk
BJR Matos
@bjrmatos
Mar 16 19:18
it uses https://github.com/expressjs/cors which by default uses this as options:
{"origin": "*",
  "methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
  "preflightContinue": false,
  "optionsSuccessStatus": 204}
Ry Blaisdell
@rylincoln
Mar 16 19:19
ahh ok - yeah i guess i need to get rid of that wildcard since i'm doing it separately in nginx config
thanks man!
BJR Matos
@bjrmatos
Mar 16 19:20
let’s see if we can make this jsreport/jsreport-authentication#4 part of the jsreport v2 which we are actively working on
so in future you will have more control about that
Ry Blaisdell
@rylincoln
Mar 16 19:20
yup - i been lurking on the github watching ya'lls commits. wish i could help but that's deep water for me!
BJR Matos
@bjrmatos
Mar 16 19:22
haha don’t worry, v2 will be here really soon :D
Ry Blaisdell
@rylincoln
Mar 16 19:25
:D
so can edit the line 125 to look like this? And that should override the defaults?
 app.use(cors({"origin": "https://myserver.com",
  "methods": "GET,HEAD,PUT,PATCH,POST,DELETE",
  "preflightContinue": false,
  "optionsSuccessStatus": 204}))
BJR Matos
@bjrmatos
Mar 16 19:28
yes
Ry Blaisdell
@rylincoln
Mar 16 19:28
:+1: