2

I am currently trying to Deploy the following stack: React, Django, Nginx, and Docker.

I have spent countless hours trying to debug with no success. I have tried looking at the following resources:

  1. https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed
  2. CORS preflight response did not succeed
  3. Recommendation on deploying a heavy Django + React.js web-application
  4. https://pypi.org/project/django-cors-headers/

and many more...

I am running into the following CORS error:

Cross-Origin Request Blocked: The Same Origin Policy Disallows reading the remote resource at http://127.0.0.1:8000/api/token. (Reason: CORS did not succeed)

I am confused as to how to fix this or what the issue might be because this message doesn't really tell you what is wrong with your request like some of the other CORS messages do. For example:

"missing header Access-Control-Allow-Origin"

I believe this to be an issue with my implementation of NGINX, but I may be completely wrong. I am sending all requests to 192.168.100.6:80

The requests to my API work perfectly from my host computer (using internal IP: 192.168.100.6), but start failing with a CORS error when requesting from another computer within my same network. (I have port forwarded all relevant ports).

The networking debugging shows me that my preflight request seems to be failing. These are the request headers being sent in it:

OPTIONS:

Accept /
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Access-Control-Request-Headers content-type
Access-Control-Request-Method POST
Connection keep-alive
Host 127.0.0.1:8000
Origin http://192.168.100.6
Referer http://192.168.100.6/
Sec-Fetch-Dest empty
Sec-Fetch-Mode cors
Sec-Fetch-Site cross-site
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:92.0) Gecko/20100101 Firefox/92.0

POST:

Accept application/json, text/plain, /
Accept-Encoding gzip, deflate
Accept-Language en-US,en;q=0.5
Connection keep-alive
Content-Length 29
Content-Type application/json;charset=utf-8
Host 127.0.0.1:8000
Origin http://192.168.100.6
Referer http://192.168.100.6/
Sec-Fetch-Dest empty
Sec-Fetch-Mode cors
Sec-Fetch-Site cross-site
User-Agent Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:92.0) Gecko/20100101 Firefox/92.0

These are my settings for nginx-proxy.conf:

  upstream api {
    server backend:8000;
}


server {
    server_name _;
    listen 8080;


    add_header Access-Control-Allow-Origin *;
    add_header Access-Control-Allow-Methods "GET, POST, OPTIONS, PUT,";
    add_header Access-Control-Allow-Headers "DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range";
    add_header Access-Control-Expose-Headers "Content-Length,Content-Range";
    add_header Access-Control-Max-Age 1728000;
    # ignore cache frontend
    

    location ~* (service-worker\.js)$ {
        expires off;
        proxy_no_cache 1;
    }

    location / {
        root /var/www/react-frontend;
        try_files $uri $uri/ /index.html;
    }

    location /api/{  
        proxy_pass http://api$request_uri/;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_redirect off;

    }
}

These are my Django Settings:

DEBUG = False

#ALLOWED CONNECTIONS:
ALLOWED_HOSTS = ['*']
CORS_ORIGIN_ALLOW_ALL = True


# Application definition

INSTALLED_APPS = [
    'django.contrib.admin',
    'django.contrib.auth',
    'django.contrib.contenttypes',
    'django.contrib.sessions',
    'django.contrib.messages',
    'django.contrib.staticfiles',
    
    #Django Apps:
    'authentication',

    #Packages:
    'rest_framework',
    'corsheaders',
]

#Cors middleware set as first
MIDDLEWARE = [
    'corsheaders.middleware.CorsMiddleware',
    ...
]

I appreciate any resources I could look at or any help. I am just genuinely confused with why I am getting this CORS error.

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
a-maccormack
  • 86
  • 1
  • 7
  • 3
    What does the OPTIONS response look like? For some reason it may not be returning the proper Access-Control-Allow-Origin as we would expect – Bruno Farias Oct 09 '21 at 16:25
  • 1
    @BrunoFarias Thank you for answering. There is no options response. It's just denied. – a-maccormack Oct 09 '21 at 16:32
  • 2
    There should be a response to your preflight (OPTIONS) request.. if you are using Chrome DevTools, it is right above the Request Header in the request details in Networking tab.. Or if you are using curl you may need to increase the verbosity of the output – Bruno Farias Oct 09 '21 at 16:36
  • 1
    @BrunoFarias "Failed to load response data: No content available for preflight request". Could this mean that my proxy is forwarding the wrong IP? Which in turn means that all connections would be refused and therefore not have a response? My request to the API seems to be trying to connect me to http://127.0.0.1:8000. Which has nothing running because it is not the computer running the server. Any ideas why this may be happening? Thanks for your response. – a-maccormack Oct 09 '21 at 16:42
  • 2
    The *“CORS request did not succeed”* error message actually indicates the problem is something other than CORS-related. It literally means the browser failed to successfully complete the request. Or in other words, it means the transaction never reached the point of the server actually responding. So it can often indicate a failure at the network level, not at the server level. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed – sideshowbarker Oct 09 '21 at 22:42
  • 1
    @sideshowbarker. Thank you so much for replying. I have realized that this is the case. For some reason, when I send an API request from my frontend, NGINX changes the IP address to 127.0.0.1:8000 for some reason, even when I take the backend out of the nginx config entirely. The request should be going to 192.168.100.6:8000 instead but it just doesn't happen. If you have any idea what the case might be I'd appreciate any input. I'll continue looking into it and update this post if the problem is solved. – a-maccormack Oct 10 '21 at 00:53
  • 1
    what if you make a request from not browser, for example program like postman? Just to test what happens, to eliminate CORS. Maybe it would give some hint. Doest it also change to 127.0.0.1 ? – Darius.V Oct 10 '21 at 07:41
  • @Darius.V Postman requests work, but react requests (hosted within NGINX) don't. I've even tried hardcoding the values and everything, but no luck. – a-maccormack Oct 10 '21 at 16:14
  • 1
    maybe you should place your minimal application on github, since it is docker, probably it should be easy to install for us locally, maybe some of us could take a look. – Darius.V Oct 10 '21 at 18:44
  • 1
    @Darius.V Thank you for your willingness to help, but I unfortunately cannot share the application as it is a work related product :/ . Your answer did however make me realize some things about the root of the problem. I'll continue trying to understand the cause. Appreciate your help! – a-maccormack Oct 10 '21 at 19:48
  • 1
    @Darius.V I have found a solution. You can read the answer on this post. Thank you so much for your advice, it really helped me arrive to the solution! – a-maccormack Oct 11 '21 at 03:29
  • @macdev2252 question is would they really mind if you exclude all unnecesarry stuff from the application, make separate repository. I did not mean share their whole application :) only minimal files and code to lauch it which reproduces the problem. That's nice that I was able to help at least a little bit :) – Darius.V Oct 11 '21 at 08:37

1 Answers1

3

So after a lot of troubleshooting and help from commenters, I have arrived to the solution to my specific problem. My proxy was in fact doing what it needed to do. I tested requesting to it via Postman, as suggested by @DariusV.

The mozilla failed request message itself made me believe it was a CORS error when all that was actually happening was just a failed request to 127.0.0.1 rather than the propper IP (192.168.100.6).

What actually happened is that all of my codebase was correct, but for some reason,

docker-compose build

or even:

docker-compose build --no-cache

was not updating my code changes (it was still sending requests to the ip I was using in development).

The answer that I arrived to was to do:

docker volume prune "my-nginx-volume"

and then rebuilding through docker-compose. Just a reminder that this prune command completely erases the selected container. If anyone else reading wishes to add to this solution, feel free to do so. Thanks everyone!

a-maccormack
  • 86
  • 1
  • 7
  • still that is interesting, how it was pointing to correct ip from postman but not from firefox. As I understand you tried postman also before docker volume prune. – Darius.V Oct 11 '21 at 08:41
  • 1
    @Darius.V that was because my react application was still sending a request to 127.0.0.1 despite having changed the IP address to 192.168.100.5 on my code. So the problem wasn't the proxy, which was doing what it needed to (which is why postman worked). The problem was that the request from my application wasn't being sent to the correct IP in the first place (because code never updated when rebuilding). – a-maccormack Oct 11 '21 at 15:15