Search…

X3 Photo Gallery Support Forums

Search…
 
eljef
Topic Author
Posts: 4
Joined: 14 Jun 2021, 23:13

[Solved] CORS Policy Error

15 Jun 2021, 00:35

Edit 2022/1/18: Not sure if it is the new version 0.3.0, or if a cloudflare setting was changed, but all is well now.


When using the single PHP www.files.gallery app, CORS policy in the browser is blocking requests to https://auth.photo.gallery, either due to a missing 'Access-Control-Allow-Origin' header, or auth.photo.gallery returning a 404.

The error message from the console:
Access to XMLHttpRequest at 'https://auth.photo.gallery/' from origin 'https://<url>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I'm not sure if this is an issue with cloudflare, or auth.photo.gallery, as the return is a 404. Cloudflare does appear to be returning some headers, but not complete.

Here is output from curl over ipv4.

Here is output from curl over ipv6.
Last edited by eljef on 18 Jan 2022, 22:46, edited 2 times in total.
 
eljef
Topic Author
Posts: 4
Joined: 14 Jun 2021, 23:13

Re: CORS Policy Error

15 Jun 2021, 00:36

You can see the 404 return in both pastebin's if you search for 'HTTP/2 404'
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: CORS Policy Error

15 Jun 2021, 01:44

What do you see in the actual browser network inspector? I assume the same error? I can't reproduce from here, and it's not a "common" issue:
Image
Image

I have seen this before though from other users, also with our X3 app. It's related to a domain firewall block either on the specific device, the router, or the ISP (usually the first). Sometimes some firewall mechanism is blocking POST requests to domains like "auth.photo.gallery" that don't contain an actual website when accessed directly. Thus, when the request itself is blocked (for whatever reason), you would naturally also get a CORS error on the failed request. Try from another device?

The "auth" request in Files app is "passive". If connection from Javascript cannot be made (for any reason), the app is considered licensed. We don't want Files app usability to depend on an outgoing connection.
 
eljef
Topic Author
Posts: 4
Joined: 14 Jun 2021, 23:13

Re: CORS Policy Error

15 Jun 2021, 14:48

Yes, same issue in the console. I'm not running any application firewalls, and am able to ping and get replies from the address.

If the application isn't effected by it, I'm not worried about it. Thanks for the information.
Attachments
auth.photo.gallery.png
auth.photo.gallery.png (70.08 KiB) Viewed 6576 times
 
User avatar
mjau-mjau
X3 Wizard
Posts: 13993
Joined: 30 Sep 2006, 03:37

Re: CORS Policy Error

16 Jun 2021, 02:01

Thanks for posting the screenshot. Indeed if your Files app is licensed and it can't connect to the auth, it will remain licensed, as we can't be depend on an outgoing connection for functionality. If the Files app is not licensed and can't connect, it will also be considered licensed, but this would of course only apply for clients with this connection error. Normally, auth responds with JSON response:
Image

I see in your screenshot it's returning "404 Not Found", which in turn leads to the CORS error (because access-control-allow-origin is not included in the generated output, whatever it is). Strange, and I'm not quite sure where it comes from, but it could be Cloudflare security / firewall. I checked stats, and there are a few security / firewall blocks, primarily for bots, but possibly a few false positives also.

I have modified Cloudflare security rules, could you try again for me? Thanks  :clap:
 
eljef
Topic Author
Posts: 4
Joined: 14 Jun 2021, 23:13

Re: CORS Policy Error

16 Jun 2021, 19:22

I'm still getting the 404 error. I could private message you the details for the origin if you wish. Maybe you can find some logs that will be useful that way.