3

How do I enable CORS using F# and ASP.NET. I'm trying to authenticate a user with Google but I get the following error in the browser console:

No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:8080' is therefore not allowed access. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

A reproducible example is here https://github.com/sashang/safe-google-auth

It uses F# and the SAFE framework so you'll need that setup if you want to try and reproduce this.

You'll also need to setup a client id and secret with Google+ API (https://console.cloud.google.com/apis/library/plus.googleapis.com)

Once that's done add it to your environment:

Bash:

export GOOGLE_ID="client id"
export GOOGLE_SECRET="client secret"

Windows Powershell:

$Env:GOOLGE_ID="client id"
$Env:GOOGLE_SECRET="client secret"

To build it clone the repo and run 

fake build --target run

Then click on the button Auth with Google with the browser console window open to see the error.

sashang
  • 11,704
  • 6
  • 44
  • 58

1 Answers1

2

In your Server.fs you don't call your configure_cors method

let app google_id google_secret = 
    application {
        url ("http://0.0.0.0:" + port.ToString() + "/")
        use_router webApp
        memory_cache
        use_static publicPath
        service_config configureSerialization
        use_gzip
        use_google_oauth google_id google_secret "/oauth_callback_google" []
        //use_cors "localhost:8080" configure_cors
        configure_cors // Add this line to your program

}
Maxime Mangel
  • 1,906
  • 16
  • 18
  • I thought the saturn framework would call it via use_cors. See the the line above that's commented `use_cors`. I did try it with it uncommented. Do I really have to explicitly call it as `configure_cors`? If I try that it won't compile since the application is computation expression that requires something special but I have no idea what. – sashang Sep 12 '18 at 23:03