1

I am running an nginx webserver to serve my app and between my frontend and express backend I have an nginx reverse proxy. I get the 405 error with no message when I click the stripe pay now button to submit. Looking at devtools reveals the following, the request url is grossly incorrect:

devtools screenshot

405 POST error

Why is the request url appending the url a second time? On the client I have axios configured as such:

const apiClient = axios.create({
  baseURL: "goldcoastcookiecompany.com", // http://localhost:5000
  withCredentials: true,
  headers: {
    Accept: "application/json",
    "Content-Type": "application/json",
    "Referrer-Policy": "no-referrer-when-downgrade",
    "Access-Control-Allow-Origin": "goldcoastcookiecompany.com", // http://localhost:8080
    "Access-Control-Allow-Methods": "GET, POST, DELETE, OPTIONS"
 }

});

On the backend, express cors middleware:

app.use(cors({ credentials: true, origin: 'goldcoastcookiecompany.com' })) // http://localhost:8080 in dev

The route:

router
  .route('/create-payment-intent')
  .post(express.json(), OrdersController.apiCreatePaymentIntent)

The Nginx webserver config:

#### HTTP - redirect all traffic to HTTPS
server {
  listen 80;
  listen [::]:80 default_server ipv6only=on;
  return 301 https://$host$request_uri;
}

#### HTTPS - proxy all requests to Node app 
server {
  #ENABLE HTTP/2 
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name goldcoastcookiecompany.com;

#### USE LETSENCRYPT CERTIFICATES
  ssl_certificate ....
  ssl_certificate_key ....

#### INCLUDE THE SSL CONFIGURATION FROM CIPHERLI.ST
   include snippets/ssl-params.conf;

  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_set_header Host $host;
    proxy_pass http://localhost:8080;
    proxy_ssl_session_reuse off;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
  }
}

and the nginx reverse proxy:

server {
  location / {
  proxy_set_header Host $host;
  proxy_set_header X-Real-IP $remote_addr;
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header X-Forwared-Proto $scheme;
  proxy_pass http://localhost:5000;
}

}

This does not appear to be CORS issue, how and why is the :path added to what the request url that should be https://goldcoastcookiecompany.com/create-payment-intent. From what Iv've read this is a backend issue not necessarily a frontend one. Most of what I gooled is about 405 method not found or cors, but nothing about 405 with no error message.

Kevin T.
  • 668
  • 3
  • 12
  • 29

1 Answers1

1

When you set baseURL: "goldcoastcookiecompany.com", and browser URL is https://goldcoastcookiecompany.com/ , by axios, request URL becomes goldcoastcookiecompany.com/create-payment-intent but this isn't a valid URL because it doesn't have the protocol. It's only a path.
Then, when axios sends that request with XHR or ajax, browser sees there is no protocol, it's not an URL, and assumes you want to submit the request relative to the address you're currently on, then adds your current window URL to beginning of that, and you get windowURL+baseURL+requestPath which is https://goldcoastcookiecompany.com/goldcoastcookiecompany.com/create-payment-intent

Long story short:

  baseURL: "https://goldcoastcookiecompany.com/",


Or if you want it to be relative to the domain:

  baseURL: "/",

When on https://example.com/asd/asd/ and requesting test.html , final URL becomes https://example.com/test.html

Edit: Turns out, it's a problem on nginx configuration. He was serving frontend with the first nginx config, which forwards everything to the frontend, and no way to forward to nodejs backend server. So it was POSTing to frontend. Instead, we added this location block:

location /api/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:5000/;
}

and on client, changed the API URLs accordingly. We did this so nginx can understand if request should be proxied to frontend or backend server.

Cagri
  • 366
  • 1
  • 6
  • This was a good correction and it worked in terms of the requestURL is fixed. However, there is still a 405 error, and in another SO post, https://stackoverflow.com/questions/24415376/post-request-not-allowed-405-not-allowed-nginx-even-with-headers-included, the focus on a fix should be found in my nginx configuration, speciffically how proxy_pass is configured. – Kevin T. Sep 14 '22 at 20:09
  • oh, well can you test on the server the following `curl 127.0.0.1:5000/create-payment-intent -X POST` and see if you still get 405? if not, yeah it's about nginx, but I have looked over and couldn't see any problems – Cagri Sep 14 '22 at 22:21
  • I just tried to run a code similar to yours, it appears you need to add `app.use(router);`, have you done that? – Cagri Sep 14 '22 at 22:36
  • I have 'app.use("/", router)' – Kevin T. Sep 14 '22 at 22:48
  • I just ran the curl on the server, got a response, no 405. n my above comment, there seems to be a hack for this but, I really want to find a proper solution, https://stackoverflow.com/a/26492897/2644004 – Kevin T. Sep 14 '22 at 22:54
  • I put the same configuration as yours, and it works without any issues. however I had to add `listen 8080;` on reverse proxy configuration. is it a mistake on the question, or is it actually like that? https://pastebin.com/DpTEN1zq - and does that answer in the other question work? – Cagri Sep 14 '22 at 23:01
  • 1
    Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/248058/discussion-between-cagri-and-kevin-t). – Cagri Sep 14 '22 at 23:07