Gotify component health CORS issue #822

Open
romano opened this issue Nov 7, 2024 · 2 comments

romano commented Nov 7, 2024

Describe the bug
"http://gotify.server.local/health" reports missing CORS header "Access-Control-Allow-Origin". I've managed to allow CORS in Gotify. The service reads message counts but fails to read Gotify's health status.

This bit (lines 54-67) seems to push headers only for messages, but not the health requests. Could be an easy fix but haven't tested it.

   methods: {
    fetchStatus: async function () {
      await this.fetch(`/health`)
        .catch((e) => console.log(e))
        .then((resp) => this.health = resp);
    },
    fetchMessages: async function () {
      const headers = {
        "X-Gotify-Key": this.item.apikey,
      };
      await this.fetch(`/message?limit=100`, { headers })
        .catch((e) => console.log(e))
        .then((resp) => this.messages = resp.messages.length);
    },

As a side note this bit (lines 41-47) returns green health regardless if it achieves connection. Should probably return red by default.

      if (statuses.includes("red")) {
        return "red";
      } else if (statuses.includes("orange")) {
        return "orange";
      }

      return "green";

Expected behavior
No errors

Logs & errors

Browser console output:

TypeError: "focus" is read-only
[contentscript.js:2:347419](moz-extension://31a58c32-a25b-49a4-8767-860809cb7dab/contentscript.js)
Zablokowano żądanie do zasobu innego pochodzenia: zasady „Same Origin Policy” nie pozwalają wczytywać zdalnych zasobów z „http://gotify.server.local/health” (brakujący nagłówek CORS „Access-Control-Allow-Origin”). Kod stanu: 200.

TypeError: this.health is undefined

Screenshots
n/a

Configuration
n/a
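
The failure mode reported above, as an added example that is not part of the issue or of Homer's code: a blocked request leaves the stored health undefined, and a status that defaults to "green" reports healthy without any evidence. The function names, the stubbed fetch, the initial `{}` state and the use of the `health` and `database` fields to build the status list are assumptions made for illustration.

```javascript
// Added example, not Homer's code: function names, the stubs and the initial
// `{}` state are assumptions made for illustration.

// Constructed stub for a request the browser blocked: fetch() rejects.
const blockedFetch = () => Promise.reject(new TypeError("blocked (constructed)"));
// Constructed stub for a readable /health body with the fields from the thread.
const okFetch = () => Promise.resolve({ health: "green", database: "green" });

// Same chain shape as the posted fetchStatus: .catch() runs first and resolves
// to undefined, so .then() stores undefined when the request fails.
async function fetchStatusAsPosted(fetchFn) {
  let health = {}; // assumed initial state, before any response
  await fetchFn()
    .catch(() => undefined)
    .then((resp) => (health = resp));
  return health;
}

// Fail-open, as in the posted fragment: no "red"/"orange" means "green".
function statusFailOpen(health) {
  const statuses = [health.health, health.database];
  if (statuses.includes("red")) return "red";
  if (statuses.includes("orange")) return "orange";
  return "green";
}

// Fail-closed: "green" only when the response proves it; otherwise "red".
function statusFailClosed(health) {
  if (!health || typeof health !== "object") return "red";
  const statuses = [health.health, health.database];
  if (statuses.includes("red")) return "red";
  if (statuses.includes("orange")) return "orange";
  return statuses.every((s) => s === "green") ? "green" : "red";
}

// Returns the stored health and the resulting status for both stubs.
async function demo() {
  const failed = await fetchStatusAsPosted(blockedFetch);
  const ok = await fetchStatusAsPosted(okFetch);
  return { failed, failedStatus: statusFailClosed(failed), okStatus: statusFailClosed(ok) };
}
```

With the fail-open variant an empty object yields "green" and an undefined value throws the `TypeError` seen in the console output; the fail-closed variant returns "red" in both cases.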

@bastienwirtz
Owner

Hello,

I don't have a Gotify server to check, but I think it's normal that the headers are not sent with the /health request; I think this endpoint is public and does not require the auth token.

How did you manage to allow CORS? Directly in Gotify? It could be a bug in Gotify where headers are not sent on the health endpoint. You could try to confirm that by performing a curl request to check the headers, something like curl -I <your-gotify-url>/health

@romano
Author

romano commented Nov 29, 2024

Checked that, this is what curl returns:

romano@server:~$ curl -I http://gotify.server.local/health
HTTP/1.1 200 OK
Server: openresty
Date: Fri, 29 Nov 2024 19:29:19 GMT
Content-Type: application/json; charset=utf-8
Content-Length: 37
Connection: keep-alive
X-Served-By: gotify.server.local

Going to /health in a browser returns health and database as "green".

As for how I enabled CORS, you can do that either in the Gotify config file or environment variables in Docker (which I chose to do):

    environment:
      - GOTIFY_SERVER_CORS_ALLOWORIGINS=[.+\.server\.local]
      - GOTIFY_SERVER_CORS_ALLOWMETHODS=[GET, POST]
      - GOTIFY_SERVER_CORS_ALLOWHEADERS=[X-Gotify-Key, Authorization]

Either way, this is not a big issue really, just a thing that I thought I might report so it's fully functional.
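
A model of the CORS exchange discussed in this thread, as an added example that is not Gotify's or Homer's code: the server side decides whether to emit `Access-Control-Allow-Origin` from the request's `Origin` header and the configured pattern, and the browser side decides whether the page may read the response. It assumes a server that adds the header only when an `Origin` header is present (the `curl -I` call above sent none) and shows the pattern from the thread both as an unanchored search and anchored to the whole origin; which of the two Gotify applies is not stated in the thread, and all function names and the second origin are constructed.

```javascript
// Added example, not Gotify's code: a minimal model of an allow-list check
// (server side) and the browser's check on the response. Names are hypothetical.

// Pattern taken from GOTIFY_SERVER_CORS_ALLOWORIGINS in the thread.
const PATTERN = ".+\\.server\\.local";

// Server side: emit Access-Control-Allow-Origin only when the request carries
// an Origin header that matches one of the patterns.
function corsResponseHeaders(origin, patterns, anchored) {
  if (!origin) return {}; // no Origin header (plain `curl -I`): nothing is added
  const allowed = patterns.some((p) =>
    new RegExp(anchored ? `^https?://(?:${p})(?::\\d+)?$` : p).test(origin.toLowerCase())
  );
  return allowed ? { "access-control-allow-origin": origin, vary: "Origin" } : {};
}

// Browser side (GET without credentials): the page may read the response only
// if the header is "*" or equals the page's own origin.
function browserAllowsRead(pageOrigin, headers) {
  const acao = headers["access-control-allow-origin"];
  return acao === "*" || acao === pageOrigin;
}

// Constructed origins: the dashboard from the thread, and a host name that
// merely contains ".server.local" without ending in it.
const DASHBOARD = "http://homer.server.local";
const UNINTENDED = "http://x.server.local.example.net";

// True when a page at `origin` could read the response under this model.
function evaluate(origin, anchored) {
  return browserAllowsRead(origin, corsResponseHeaders(origin, [PATTERN], anchored));
}

// Header set produced for a request without Origin, as in the curl output.
function noOriginRequestReadable() {
  return browserAllowsRead(DASHBOARD, corsResponseHeaders(undefined, [PATTERN], true));
}
```

To test the real endpoint the way the browser does, repeat the curl request with an `Origin` header set to the dashboard's origin and compare the response headers.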
