Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Feature Request - handle CORS for APIs and config allow origin #1792

Closed
hu-xd opened this issue May 12, 2023 · 11 comments
Closed

Feature Request - handle CORS for APIs and config allow origin #1792

hu-xd opened this issue May 12, 2023 · 11 comments
Labels

Comments

@hu-xd
Copy link

hu-xd commented May 12, 2023

Describe the feature

currently mediamtx REST api don't handle OPTIONS requests, so CORS will fail, this means web-based apps can't call APIs from client-side JavaScript.

I hope mediamtx can handle browser CORS OPTIONS requests, and the allowed origins can be set in config file

@ChoongTuckWai
Copy link

I added import "github.com/gin-contrib/cors"

and add code in func newAPI in api.go

	router.Use(cors.New(cors.Config{
		AllowOrigins: []string{"*"},
		AllowMethods: []string{"GET", "POST"},
		AllowHeaders: []string{"Content-Type, access-control-allow-origin, access-control-allow-headers"},

could dirty solve CORS when call APIs from client-side JavaScript for me.
looking for better way to do that.

@aler9 aler9 added enhancement New feature or request general labels Jun 2, 2023
@phadkesharan
Copy link

I have solved the cors issue using gin-contrib/cors package
should I create a pull request?

@aler9
Copy link
Member

aler9 commented May 30, 2024

since v1.8.0 there's option apiAllowOrigin that allows to solve the CORS issue without manually hacking the code.

@aler9 aler9 closed this as completed May 30, 2024
@phadkesharan
Copy link

I tried setting apiAllowOrigin but it did not work.

in mediamtx.yml
apiAllowOrigin: 'http://localhost:4200'

I tried calling the control API from angular frontend but it failed due to CORS

Error in the browser console:
Access to XMLHttpRequest at 'http://localhost:9997/v3/config/paths/add/sample-webrtc' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

@aler9
Copy link
Member

aler9 commented May 30, 2024

@phadkesharan i tried using the API through an external page with XMLHttpRequest, and i can confirm that the Access-Control-Allow-Origin is present.

It is not present on non-existing pages or when you call the end point with the wrong method (therefore, you're probably using the wrong method, which in case of the /config/paths/add endpoint should be POST). This is a secondary bug that will be fixed.

@phadkesharan
Copy link

@phadkesharan i tried using the API through an external page with XMLHttpRequest, and i can confirm that the Access-Control-Allow-Origin is present.

It is not present on non-existing pages or when you call the end point with the wrong method (therefore, you're probably using the wrong method, which in case of the /config/paths/add endpoint should be POST). This is a secondary bug that will be fixed.

I am sure I used the right method (POST) while calling the API
This is my request :

let bodyContent = JSON.stringify({
  "name": "sample-webrtc" ,
  "source": "rtsp://localhost:8554/sample"
});

let response = await fetch("http://localhost:9997/v3/config/paths/add/sample-webrtc", { 
  method: "POST",
  body: bodyContent
});

let data = await response.text();
console.log(data);

I have enabled origin for control API in mediamtx.yml file

# Enable controlling the server through the Control API.
api: yes
# Address of the Control API listener.
apiAddress: :9997
# Enable TLS/HTTPS on the Control API server.
apiEncryption: no
# Path to the server key. This is needed only when encryption is yes.
# This can be generated with:
# openssl genrsa -out server.key 2048
# openssl req -new -x509 -sha256 -key server.key -out server.crt -days 3650
apiServerKey: server.key
# Path to the server certificate.
apiServerCert: server.crt
# Value of the Access-Control-Allow-Origin header provided in every HTTP response.
apiAllowOrigin: 'http://localhost:4200'

but when I make the request from my frontend application I get the error :
Access to XMLHttpRequest at 'http://localhost:9997/v3/config/paths/add/sample-webrtc' from origin 'http://localhost:4200' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

@jonra1993
Copy link

jonra1993 commented Jun 3, 2024

I was facing the same error when using React on the client side. The best I could do was use Caddy as reverse proxy and add CORS.

Caddyfile

(cors) {
  @cors_preflight method OPTIONS
  @cors header Origin {args.0}

  handle @cors_preflight {
    header Access-Control-Allow-Origin "*"
    header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
    header Access-Control-Allow-Headers "Content-Type"
    header Access-Control-Max-Age "3600"
    respond "" 204
  }

  handle @cors {
    header Access-Control-Allow-Origin "*"
    header Access-Control-Expose-Headers "Link"
  }
}

http://localhost:4000 {
    import cors http://localhost
    reverse_proxy localhost:9997   
}

caddy run --config Caddyfile

Reference is here https://kalnytskyi.com/posts/setup-cors-caddy-2/

@phadkesharan
Copy link

@aler9 should I create a new issue for addressing this problem ?

Copy link
Contributor

This issue is mentioned in release v1.8.3 🚀
Check out the entire changelog by clicking here

@aler9
Copy link
Member

aler9 commented Jul 6, 2024

Fixed again by #3535

Copy link
Contributor

github-actions bot commented Jul 7, 2024

This issue is mentioned in release v1.8.4 🚀
Check out the entire changelog by clicking here

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

5 participants