Cross-Origin Issue on Amazon EC2

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

Cross-Origin Issue on Amazon EC2

cedorman
I am working with nanocubes and it works great on my local Ubuntu system.  I am trying to use a larger data set and don't have enough memory on my little system, so I am working on a Amazon EC2.  When I run the included test app, here is the problem:  I am getting a Cross-Origin Request error.  It looks like the following in Firefox console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://ip-123-25-62-231.ec2.internal:29512/schema. This can be fixed by moving the resource to the same domain or enabling CORS.

(IP address changed for privacy).  There is a socket.getfqdn() call in csv2Nanocube.py (line 136) which returns the above URL.  I have tried changing it by hard coding it to the external IP address of the server and I have tried changing it to localhost.  Neither of these fixed the problem.

Based on the error text and googling around, I need to enable CORS.  Great, but I have no idea how to do that.  Do I need to do that in the web code (index.html?), the web js code, the csv2Nanocube.py code, in ncserve, in the browser?  If someone could point me to which file I need to modify and what to change, that would be greatly appreciated.  

I have been warned that this makes the application less secure.  This is just for testing and I am not exposing this to the public, so I'm not worried about that right now, I just need it to work.  

Thanks.
Reply | Threaded
Open this post in threaded view
|

Re: [Nanocubes-discuss] Cross-Origin Issue on Amazon EC2

charles adetiloye
If you are using chrome browser, enable CORs

open -a Google\ Chrome --args --disable-web-security -–allow-file-access-from-files

on a mac you do it this way from the console

"~/Application/Chrome.exe" –allow-file-access-from-files -disable-web-security


Should be the same in windows!


=================
Notice: 
This e-mail including any attachments is confidential and may be legally privileged. If you have received it in error please advise the sender immediately by return email and then delete it from your system. Any unauthorized use, distribution, copying or alteration of this email is strictly forbidden.

On Wed, Oct 8, 2014 at 2:02 PM, cedorman <[hidden email]> wrote:
I am working with nanocubes and it works great on my local Ubuntu system.  I
am trying to use a larger data set and don't have enough memory on my little
system, so I am working on a Amazon EC2.  When I run the included test app,
here is the problem:  I am getting a Cross-Origin Request error.  It looks
like the following in Firefox console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at http://ip-123-25-62-231.ec2.internal:29512/schema. This
can be fixed by moving the resource to the same domain or enabling CORS.

(IP address changed for privacy).  There is a socket.getfqdn() call in
csv2Nanocube.py (line 136) which returns the above URL.  I have tried
changing it by hard coding it to the external IP address of the server and I
have tried changing it to localhost.  Neither of these fixed the problem.

Based on the error text and googling around, I need to enable CORS.  Great,
but I have no idea how to do that.  Do I need to do that in the web code
(index.html?), the web js code, the csv2Nanocube.py code, in ncserve, in the
browser?  If someone could point me to which file I need to modify and what
to change, that would be greatly appreciated.

I have been warned that this makes the application less secure.  This is
just for testing and I am not exposing this to the public, so I'm not
worried about that right now, I just need it to work.

Thanks.



--
View this message in context: http://nanocubes-discuss.64146.x6.nabble.com/Cross-Origin-Issue-on-Amazon-EC2-tp123.html
Sent from the nanocubes-discuss mailing list archive at Nabble.com.

_______________________________________________
Nanocubes-discuss mailing list
[hidden email]
http://mailman.nanocubes.net/mailman/listinfo/nanocubes-discuss_mailman.nanocubes.net


_______________________________________________
Nanocubes-discuss mailing list
[hidden email]
http://mailman.nanocubes.net/mailman/listinfo/nanocubes-discuss_mailman.nanocubes.net
Reply | Threaded
Open this post in threaded view
|

Re: [Nanocubes-discuss] Cross-Origin Issue on Amazon EC2

Carlos Scheidegger
In reply to this post by cedorman
I’m surprised this doesn’t work, our server actually is supposed to allow any origin by default. See src/Server.cc:

void Request::respondJson(std::string msg_content)
{
    const std::string sep = "\r\n";

    std::stringstream ss;
    ss << "HTTP/1.1 200 OK"                << sep
       << "Content-Type: application/json" << sep
       << "Access-Control-Allow-Origin: *" << sep
       << "Content-Length: %d"             << sep << sep
       << "%s";

    // response_size = 106 + (int) msg_content.size();
    response_size = 106 + (int) msg_content.size(); // banchmark data transfer
    // check how a binary stream would work here
    mg_printf(conn, ss.str().c_str(), (int) msg_content.size(), msg_content.c_str());
}

void Request::respondOctetStream(const void *ptr, int size)
{
    const std::string sep = "\r\n";

    std::stringstream ss;
    ss << "HTTP/1.1 200 OK"                        << sep
       << "Content-Type: application/octet-stream" << sep
       << "Access-Control-Allow-Origin: *"         << sep
       << "Content-Length: %d"                     << sep << sep;

    response_size = 114;
    // check how a binary stream would work here
    mg_printf(conn, ss.str().c_str(), size);


    if (ptr) { // unsage access to nullptr
        mg_write(conn, ptr, size);
        response_size += size;
    }
}


The line with “Access-Control-Allow-Origin: *” is precisely the line that adds CORS support. In fact, when I run the tests locally (following the instructions on ./README.md), I get the CORS headers:

$ curl -i http://127.0.0.1:29512/schema
HTTP/1.1 200 OK
Content-Type: application/json
Access-Control-Allow-Origin: *
Content-Length: 1125

{ "fields":[ { "name":"src", "type":"nc_dim_quadtree_25", "valnames":{  } }, { "name":"Primary_Type", "type":"nc_dim_cat_1", "valnames":{ "CRIM_SEXUAL_ASSAULT":7, "WEAPONS_VIOLATION":30, "KIDNAPPING":13, "OFFENSE_INVOLVING_CHILDREN":19, "CONCEALED_CARRY_LICENSE_VIOLATION":4, "SEX_OFFENSE":27, "INTIMIDATION":12, "PROSTITUTION":23, "ARSON":0, "BURGLARY":3, "ROBBERY":26, "OTHER_OFFENSE_":22, "CRIMINAL_TRESPASS":6, "THEFT":29, "HOMICIDE":10, "OBSCENITY":18, "OTHER_NARCOTIC_VIOLATION":20, "MOTOR_VEHICLE_THEFT":15, "GAMBLING":9, "OTHER_OFFENSE":21, "DECEPTIVE_PRACTICE":8, "NARCOTICS":16, "STALKING":28, "CRIMINAL_DAMAGE":5, "NON-CRIMINAL_(SUBJECT_SPECIFIED)":17, "PUBLIC_PEACE_VIOLATION":25, "BATTERY":2, "ASSAULT":1, "PUBLIC_INDECENCY":24, "LIQUOR_LAW_VIOLATION":14, "INTERFERENCE_WITH_PUBLIC_OFFICER":11 } }, { "name":"defaulttime", "type":"nc_dim_time_2", "valnames":{  } }, { "name":"count", "type":"nc_var_uint_4", "valnames":{  } } ], "metadata":[ { "key":"src__origin", "value":"degrees_mercator_quadtree25" }, { "key":"tbin", "value":"2014-10-08_13:18:26.222155_3600s" }, { "key":"name", "value":"crime50k.csv" } ] }

Can you check this happens to you as well before we debug any further?
-carlos

On Oct 8, 2014, at 12:02 PM, cedorman <[hidden email]> wrote:

> I am working with nanocubes and it works great on my local Ubuntu system.  I
> am trying to use a larger data set and don't have enough memory on my little
> system, so I am working on a Amazon EC2.  When I run the included test app,
> here is the problem:  I am getting a Cross-Origin Request error.  It looks
> like the following in Firefox console:
>
> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
> remote resource at http://ip-123-25-62-231.ec2.internal:29512/schema. This
> can be fixed by moving the resource to the same domain or enabling CORS.
>
> (IP address changed for privacy).  There is a socket.getfqdn() call in
> csv2Nanocube.py (line 136) which returns the above URL.  I have tried
> changing it by hard coding it to the external IP address of the server and I
> have tried changing it to localhost.  Neither of these fixed the problem.
>
> Based on the error text and googling around, I need to enable CORS.  Great,
> but I have no idea how to do that.  Do I need to do that in the web code
> (index.html?), the web js code, the csv2Nanocube.py code, in ncserve, in the
> browser?  If someone could point me to which file I need to modify and what
> to change, that would be greatly appreciated.  
>
> I have been warned that this makes the application less secure.  This is
> just for testing and I am not exposing this to the public, so I'm not
> worried about that right now, I just need it to work.  
>
> Thanks.
>
>
>
> --
> View this message in context: http://nanocubes-discuss.64146.x6.nabble.com/Cross-Origin-Issue-on-Amazon-EC2-tp123.html
> Sent from the nanocubes-discuss mailing list archive at Nabble.com.
>
> _______________________________________________
> Nanocubes-discuss mailing list
> [hidden email]
> http://mailman.nanocubes.net/mailman/listinfo/nanocubes-discuss_mailman.nanocubes.net


_______________________________________________
Nanocubes-discuss mailing list
[hidden email]
http://mailman.nanocubes.net/mailman/listinfo/nanocubes-discuss_mailman.nanocubes.net
Reply | Threaded
Open this post in threaded view
|

Re: [Nanocubes-discuss] Cross-Origin Issue on Amazon EC2

Carlos Scheidegger
In reply to this post by charles adetiloye
Incidentally, please don’t run Chrome like suggested here unless you know *exactly* what you are doing: it is a terrible security idea.

CORS was created to prevent sites from stealing your bank account information: it exists for a very good reason.

-carlos

On Oct 8, 2014, at 12:16 PM, charles adetiloye <[hidden email]> wrote:

> If you are using chrome browser, enable CORs
>
> open -a Google\ Chrome --args --disable-web-security -–allow-file-access-from-files
>
> on a mac you do it this way from the console
>
> "~/Application/Chrome.exe" –allow-file-access-from-files -disable-web-security
>
>
> Should be the same in windows!


_______________________________________________
Nanocubes-discuss mailing list
[hidden email]
http://mailman.nanocubes.net/mailman/listinfo/nanocubes-discuss_mailman.nanocubes.net