AJAX / JQUERY API Call

Rolandrevolvermann · July 1, 2019, 7:47am

Now i tested a token with ALL permissions. Nothing changed. Im pretty sure the problem is based on wrong CORS settings. So thats the reason why i asked about a sample nginx CORS setting file.

@thorsten Im not sure, but if support.zammad.com is running local/intern, its the same konfiguration as mine: i have a ubuntu virtual box running. zammad runs on localhost and i try to connect from local also with a python simpleHTTP Server. I think that setup should work, or im wrong?

Rolandrevolvermann · July 2, 2019, 7:49am

Here is my zammad.conf (One version of “thousends” i have tried). No more ideas now…

# this is the nginx config for zammad
#

upstream zammad-railsserver {
    server 127.0.0.1:3000;
}

upstream zammad-websocket {
    server 127.0.0.1:6042;
}

server {
    listen 80;

    # replace 'localhost' with your fqdn if you want to use zammad from remote
    server_name localhost;

    root /opt/zammad/public;

    access_log /var/log/nginx/zammad.access.log;
    error_log  /var/log/nginx/zammad.error.log;

    client_max_body_size 50M;

    location ~ ^/(assets/|robots.txt|humans.txt|favicon.ico) {
        expires max;
    }

    add_header 'Access-Control-Allow-Origin' *;
    add_header 'Access-Control-Allow-Credentials' 'true';
    add_header 'Access-Control-Allow-Methods' 'GET';



    location /ws {
	add_header 'Access-Control-Allow-Origin' *;
    	add_header 'Access-Control-Allow-Credentials' 'true';
    	add_header 'Access-Control-Allow-Methods' 'GET';
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "Upgrade";
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 86400;
        proxy_pass http://zammad-websocket;
    }

    location / {
	add_header 'Access-Control-Allow-Origin' *;
    	add_header 'Access-Control-Allow-Credentials' 'true';
    	add_header 'Access-Control-Allow-Methods' 'GET';
        proxy_set_header Host $http_host;
        proxy_set_header CLIENT_IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_read_timeout 300;
        proxy_pass http://zammad-railsserver;

        gzip on;
        gzip_types text/plain text/xml text/css image/svg+xml application/javascript application/x-javascript application/json application/xml;
        gzip_proxied any;
    }
}

Rolandrevolvermann · July 2, 2019, 1:47pm

No ideas? Vacation?

MrGeneration · July 2, 2019, 1:50pm

Hey,

sorry but we currently experience quite some support volume on the commercial site.
The community is free, which limits us and our time greatly.

Again: I still think thorsten did his requests on the local developer console which doesn’t need further CORS settings. But @thorsteneckel might bring light into the dark here.

Rolandrevolvermann · July 3, 2019, 9:32am

Sorry, I did not want to stress you

I still think thorsten did his requests on the local developer console which doesn’t need further CORS settings.

Then i’m wrong…I thought the issue is caused by the “pre-flight” of the browser. And this IMO has to be handled by the nginx configuration.

PS: Heres the browser output. Browser “asked” with OPTIONS instead of GET.

MrGeneration · July 3, 2019, 2:13pm

Zammad will answer with 404 error, as we do not support OPTIONS within that API-Route you’re using.
We can’t change that, that’s nothing we can help you with.

Rolandrevolvermann · July 3, 2019, 4:40pm

Zammad will answer with 404 error, as we do not support OPTIONS within that API-Route you’re using.

Sure, i know that.

We can’t change that, that’s nothing we can help you with.

Thats nothing i demand. I dont say its a zammad bug. For me its just interesting why my .js is running on @thorsteneckel system. So its not a script issue. Some research told me that the OPTION call causes when the browser made his preflight check . That handling of the preflight IMO is a server configuration. When my script is running on your system , and the setup is almost equal → my local server zammad config is wrong and your setup fine. All i asked for was a sample config of your nginx. YOU dont have to change Zammad

thorsteneckel · July 9, 2019, 2:35pm

Hi @Rolandrevolvermann - my time currently very limited. However, I don’t want to let you in the dark. You can find the file that is responsible for setting the headers here: https://github.com/zammad/zammad/blob/9503ff20cefcfc39cb451562d7ec4fd440198564/app/controllers/application_controller/sets_headers.rb#L18

I assume you need to change that in your setup as well.

Regarding my test result: I was totally out of scope and ran it on the same domain (so exactly not your use case). However, I don’t have the time to setup a testing env so I can’t provide anything else valuable at the current time. Good luck

system · November 6, 2019, 2:35pm

This topic was automatically closed 120 days after the last reply. New replies are no longer allowed.