P
Pepper
·
Added a discussion
Messenger / jot-server: CORS header error

Hi,

I've moved to another server and installed jot-server 2.0 on the new one. After some time (around 24 hours) it stopped working. In the console I get "Berechtigung/Credential wird nicht unterstützt, wenn die CORS-Kopfzeile 'Access-Control-Allow-Origin' auf '*' gesetzt ist" (Permission/Credential is not supported when CORS header Access-Control-Allow-Origin set to '*').

I've tried to connect directly to the jot-server what is not sending any CORS header and is only working on ipv6. So I'm using apache proxy module to listen on ipv4 and ipv6 and forwarding to jot-server.

Is there any possibility to fix that?

  • 895
Comments

    • P

      When removing the CORS header I get: Firefox kann keine Verbindung zu dem Server unter wss://jot.dudu.social/primus/085/q5c2ivp2/websocket?_primuscb=PJBQI7n aufbauen (Firefox can not establish a connection to server wss://jot.dudu.social/primus/085/q5c2ivp2/websocket?_primuscb=PJBQI7n)

      • P

        After using the old installation (running on another server) it is working again.

        • Hello!

          When configuring the Server URL in the Messenger settings, make sure it starts with https:// if you're using a certificate during Jot Server installation. If you're not using a certificate, then it should start with http://. There's no need to use wss://.

          • P

            This I've done. The Browser still first connects to https first and then using wss.

            atm the way I try to establish:

            • Apache server send UNA-Page (dudu.social) to client
            • Javascript on client connects via IPv4 to Apache reverse proxy via https://jot.dudu.social using secret
            • Reverse Proxy terminates the SSL-Connection and connects to jot-server (same server. So can be unencrypted) what is listening in an IPv6-Address

            The Problem is CORS:

            • jot-Server is not sending CORS headers, so the reverse proxy must do
            • When Apache sends the CROS header Access-Control-Allow-Origin with value '* ' the browser in the JS-Console shows error that Permission/Credential is not supported
            • When Apache does not send the header in the console shows that i can not connect to wss://jot.dudu.social because of missing CORS header

            I hope this explains the problem.

            PS: A description of CORS is https://en.wikipedia.org/wiki/Cross-origin_resource_sharing

            Login or Join to comment.