Authorization Problems with remote Hoodie
See original GitHub issueHello, I have hoodie running in a separate project, there, my package.json just have one thing:
"dependencies": {
"hoodie": "^22.0.4"
}
(i’ve also tried “git://github.com/hoodiehq/hoodie#tent”, same issues) Then I start it like this (I need to control all the ports and url because later I deploy this to heroku)
node_modules/hoodie/bin/start.js --admin-password 123 --port 4000 --db-url http://admin:123@127.0.0.1:5984 --bind-address localhost
I get “🐶 Your Hoodie app has started on http://localhost:4000”, okay, no problems here. (I’ve also tried changing localhost to 0.0.0.0 or 127.0.0.1, no luck)
For using, I add the hoodie script on my other project like this:
<script type="text/javascript" src="//localhost:4000/hoodie/client.js"></script>
And create the hoodie singleton like this (hoodie.js):
const hoodie = new Hoodie({url: 'http://localhost:4000'});
export default hoodie;
Which I import on the other files to do stuff.
But when I try to sign up for example, by using this:
hoodie.account.signUp({username, password})
.then(...)
.catch(...);
Those requests are made (copying from chrome and skipping the OPTIONS ones):
1 - account
curl ‘http://localhost:4000/hoodie/account/api/session/account’ -X PUT -H ‘Origin: http://localhost:8000’ -H ‘Accept-Encoding: gzip, deflate, sdch’ -H ‘Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4,zh;q=0.2,gl;q=0.2’ -H ‘User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2597.0 Safari/537.36’ -H ‘content-type: application/vnd.api+json’ -H ‘accept: application/vnd.api+json’ -H ‘Referer: http://localhost:8000/’ -H ‘Connection: keep-alive’ --data-binary ‘{“data”:{“type”:“account”,“attributes”:{“username”:“3”,“password”:“123”},“id”:“hwn2p6q”}}’ --compressed
Response
201 Created {“data”:{“type”:“account”,“attributes”:{“username”:“3”,“password”:“123”},“id”:“hwn2p6q”}}
2 - session
curl ‘http://localhost:4000/hoodie/account/api/session’ -X PUT -H ‘Origin: http://localhost:8000’ -H ‘Accept-Encoding: gzip, deflate, sdch’ -H ‘Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4,zh;q=0.2,gl;q=0.2’ -H ‘User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2597.0 Safari/537.36’ -H ‘content-type: application/vnd.api+json’ -H ‘accept: application/vnd.api+json’ -H ‘Referer: http://localhost:8000/’ -H ‘Connection: keep-alive’ --data-binary ‘{“data”:{“type”:“session”,“attributes”:{“username”:“3”,“password”:“123”}}}’ --compressed
Response
3 - user
curl ‘http://localhost:4000/hoodie/store/api/user%2Fhwn2p6q/’ -X OPTIONS -H ‘Access-Control-Request-Method: GET’ -H ‘Origin: http://localhost:8000’ -H ‘Accept-Encoding: gzip, deflate, sdch’ -H ‘Accept-Language: pt-BR,pt;q=0.8,en-US;q=0.6,en;q=0.4,zh;q=0.2,gl;q=0.2’ -H ‘User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2597.0 Safari/537.36’ -H ‘Accept: /’ -H ‘Referer: http://localhost:8000/’ -H ‘Connection: keep-alive’ -H ‘Access-Control-Request-Headers: accept, authorization’ --compressed
Response
401 Unauthorized
Then it keeps repeating the last request, with JS throwing
XMLHttpRequest cannot load http://localhost:4000/hoodie/store/api/user%2Fxy3hyvb/. Response for preflight has invalid HTTP status code 401
This also happens after sign in, and hoodie shows nothing on its logs, even running with the --verbose
option.
Is this a CORS issue? What should I do? This setup used to work on very old hoodie versions (pre pouchdb)
Issue Analytics
- State:
- Created 7 years ago
- Comments:14 (14 by maintainers)
Top GitHub Comments
@gr2m: any reason we’re not using https://github.com/gr2m/hapi-cors-headers in Hoodie? I’ve just added it to my plugin, tweaked @hoodie/store-server slightly, and now everything is running as expected - errors gone, syncing working, logging out works great. That’s also all running through the webpack/angular2 environment.
I’m going to submit a PR so we can review - keen to see if it works for others.
fyi the 401s after signin have been fixed via https://github.com/hoodiehq/hoodie-account-client/pull/103