RPC Server: Basic Authentication doesn't work with CORS #811
cschuchardt88 changed the title from "RPC Server: Basic Auth with no CORS Access-Control-Allow-Credentials" to "RPC Server: Basic Authentication doesn't work with CORS" on Aug 19, 2023
This was referenced Aug 28, 2023
Describe the bug
You allow CORS on the RPC Server, but do not allow "Access-Control-Allow-Credentials" if basic auth is enabled. You do not follow the specification. In short, the browser isn't sending the credentials for the login, because CORS is not configured right on the RPC server.
neo-modules/src/RpcServer/RpcServer.cs
Line 161 in 99ffc84
Also note: the CORS specification states that setting origins to "*" (all origins) is invalid if the Access-Control-Allow-Credentials header is present.
To Reproduce
Steps to reproduce the behavior:
fetch('http://127.0.0.1:20332/?jsonrpc=2.0&id=1&method=getapplicationlog&params=[%220x632158b854f3e9cf132ba20b4aacbd5066bb9c330fe1a53a51d1a38c66fd175a%22]');
in console.
Expected behavior
CORS to work with basic auth enabled.
Platform:
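The header rules this issue refers to, as an added example that is not part of the original issue or of the neo-modules code: a server-side header builder next to a simplified model of the browser's CORS check for credentialed requests. The function names, the allowlist parameter and the sample origin `http://localhost:3000` are assumptions made for illustration.

```javascript
// Added example, not neo-modules code. All names here are hypothetical.

// Build CORS response headers for an RPC endpoint that may require Basic auth.
// allowedOrigins is an operator-configured allowlist (assumption).
function corsHeaders(requestOrigin, allowedOrigins, authEnabled) {
  const headers = {};
  if (!requestOrigin) return headers;                 // not a cross-origin request
  if (!authEnabled && allowedOrigins.includes('*')) {
    headers['Access-Control-Allow-Origin'] = '*';     // wildcard is fine without credentials
    return headers;
  }
  // With auth enabled a configured "*" grants nothing: the origin must be listed.
  if (!allowedOrigins.includes(requestOrigin)) return headers;
  headers['Access-Control-Allow-Origin'] = requestOrigin;  // echo the exact origin
  headers['Vary'] = 'Origin';                              // keep caches from mixing origins
  if (authEnabled) {
    headers['Access-Control-Allow-Credentials'] = 'true';
    // Authorization must be named explicitly for the preflight to pass.
    // The preflight OPTIONS request itself carries no credentials.
    headers['Access-Control-Allow-Headers'] = 'Authorization, Content-Type';
  }
  return headers;
}

// Simplified model of the browser-side CORS check.
// withCredentials corresponds to fetch(..., { credentials: 'include' }).
function browserAccepts(requestOrigin, headers, withCredentials) {
  const acao = headers['Access-Control-Allow-Origin'];
  if (acao === undefined) return false;
  if (!withCredentials) return acao === '*' || acao === requestOrigin;
  // Credentialed request: "*" is rejected and Allow-Credentials must be "true".
  return acao === requestOrigin &&
         headers['Access-Control-Allow-Credentials'] === 'true';
}

// Constructed sample: a web page on localhost:3000 calling the RPC server.
const origin = 'http://localhost:3000';
const fixed = corsHeaders(origin, [origin], true);
const asReported = { 'Access-Control-Allow-Origin': origin }; // no Allow-Credentials
console.log('fixed headers accepted:', browserAccepts(origin, fixed, true));
console.log('reported headers accepted:', browserAccepts(origin, asReported, true));
```
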