Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Access-Control-Expose-Headers errors in browser when response from server

See original GitHub issue

Hi,

I’m playing with grpc-web and maybe I’m doing something wrong, but I’m geting this: image

I’m sucessfully recieved request on server with all data… but response end with this errors in browser (Chrome) 😦

My test code:

I create good request from my js client:

import { RegistrationServicePromiseClient, RegistrationServiceClient, Data } from '~/api/registration_grpc_web_pb.js'

...

var data = new Data()
data.setEmail("test@example.com")
data.setPassword("abcd")
var client = new RegistrationServiceClient("https://localhost:8000")
client.newRegistration(data,null,(res) => {
    console.log("res:",res)
})

and on my golang server (in main func):

func main() {
	creds, err := credentials.NewServerTLSFromFile("localhost.pem", "localhost-key.pem")
	if err != nil {
		fmt.Print(err)
	}

	grpcServer := grpc.NewServer(grpc.Creds(creds))
	wrappedGrpc := grpcweb.WrapServer(grpcServer, grpcweb.WithAllowedRequestHeaders([]string{"*"}), grpcweb.WithWebsockets(false))

	srv := TestService{}
	protos.RegisterRegistrationServiceServer(grpcServer, &srv)

	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Access-Control-Allow-Origin", "*")
		w.Header().Set("Access-Control-Allow-Methods", "POST, GET, OPTIONS, PUT, DELETE")
		w.Header().Set("Access-Control-Allow-Headers", "Accept, Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, x-user-agent, x-grpc-web, grpc-status, grpc-message")
		w.Header().Set("Access-Control-Expose-Headers", "grpc-status, grpc-message")
		if r.Method == "OPTIONS" {
			return
		}

		if wrappedGrpc.IsGrpcWebRequest(r) {
			wrappedGrpc.ServeHTTP(w, r)
		} else {
			// Fall back to other servers.
			http.DefaultServeMux.ServeHTTP(w, r)
		}
	})

	httpserver := http.Server{
		Addr:           ":8000",
		Handler:        handler,
		ReadTimeout:    10 * time.Second,
		WriteTimeout:   10 * time.Second,
		MaxHeaderBytes: 1 << 20,
	}
	http2.ConfigureServer(&httpserver, nil)

	err = httpserver.ListenAndServeTLS("localhost.pem", "localhost-key.pem")
	if err != nil {
		panic(err)
	}
}

func (ser *TestService) NewRegistration(ctx context.Context, data *protos.Data) (*protos.Response, error) {

	fmt.Printf("RECIEVED: %v\n", data)

	res := protos.Response{}
	res.Status = 123
	res.Message = "Test"

	return &res, nil
}

Verion grpc-web: 0.9.1

thanks for any help…

Issue Analytics

  • State:open
  • Created 4 years ago
  • Comments:10 (1 by maintainers)

github_iconTop GitHub Comments

1reaction
scippiocommented, Apr 30, 2019

I think a found the same problem in the past: https://github.com/grpc/grpc-web/issues/518

EDIT: So I think I will try use Envoy…

1reaction
johanbrandhorstcommented, Apr 22, 2019

You shouldn’t have to call http2.ConfigureServer by the way, it will support http/2 automatically.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Access-Control-Expose-Headers - HTTP - MDN Web Docs
The Access-Control-Expose-Headers response header allows a server to indicate which response headers should be made available to scripts ...
Read more >
Preflight Access-Control-Expose-Headers ignored in CORS ...
The Access-Control-Expose-Headers header belongs, not in the response to a preflight request, but in the response to the associated actual ...
Read more >
How to Debug Any CORS Error - HTTP Toolkit
Most CORS errors are quick & easy to debug and fix, once you understand the… ... Response to preflight request doesn't pass access...
Read more >
What Is a CORS Error and How to Fix It (3 Ways) - Bannerbear
The server will return a response with some of these CORS headers to allow or block the ... header of the response, the...
Read more >
A Simple Guide to CORS Errors in the Browser
There are both request and response HTTP headers that make up the CORS ... This tells the browser that any origin is allowed...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Allow passing of metadata to websocket transport upgrade request

Next page

Crash in vendored gRPC-Go version