0

I have been following an article on Medium to deploy Cloud Endpoints v1 in front of a Cloud Run service hosting a REST API and everything works well.

I now have a requirement to enable CORS support and I've added the below configuration to my endpoints YAML file but get an error saying "This service does not allow CORS traffic" when my browser tries to make a pre-flight request (I've tested this with Postman too with the same error). I know there's a flag to enable CORS --cors_preset=basic using environment variables but I'm not sure what key to set with. Any ideas or help is appreciated.

Endpoints YAML snipper:

swagger: '2.0'
info:
  title: Cloud Endpoints with Cloud Run
  description: Testing Cloud Endpoints with Cloud Run
  version: 1.0.0
host: endpoint-<hash>-uc.a.run.app
x-google-endpoints:
- name: endpoint-<hash>-uc.a.run.app
  allowCors: true
schemes:
  - https
produces:
  - application/json

Error:

{
    "code": 7,
    "message": "The service does not allow CORS traffic.",
    "details": [
        {
            "@type": "type.googleapis.com/google.rpc.DebugInfo",
            "stackEntries": [],
            "detail": "service_control"
        }
    ]
}

PS: Thanks Guillaum Blaquiere for the awesome article.

UPDATE: I ended up testing with an incomplete URL and hence received the above error as my backend service wasn't configured to respond to all pre-flight request URLs. Having fixed this, I now get the below error only on the CORS pre-flight configured URL.

{
  "code": 13,
  "message": "INTERNAL_SERVER_ERROR",
  "details": [
    {
      "@type": "type.googleapis.com/google.rpc.DebugInfo",
      "stackEntries": [
        
      ],
      "detail": "application"
    }
  ]
}

and logs:

invalid URL prefix in "", client: <CLIENT_IP>, server: , request: "OPTIONS /api/v1/<REMAINING_URL> HTTP/1.1", host: "endpoint-<HASH>-uc.a.run.app"
Kenneth Mascarenhas
  • 25
  • 9

2 Answers2

0

I would say it's necesary to add ESPv2 Config, I've noticed that the note regarding the ESPv2 config was added since last april, and the Medium document was published on 2019, so I think such required step was not mentioned before.

Later in the same section it's mentioned that the flags for cors are passed by the "--set-env-vars" flag of the deploy command.

You can find more about the ESPv2 Beta startup options in here.

sergio franco
  • 346
  • 2
  • 10
  • Thank you for your answer. I am using gcr.io/endpoints-release/endpoints-runtime-serverless:1 as the image for Cloud Endpoints and as such don't think this would work as they are environment variables for ESPv2 – Kenneth Mascarenhas Aug 07 '20 at 19:13
  • I've just noticed the error that you have posted, and I'd say that you have to replace the value of into the string "endpoint--uc.a.run.app" within then endpoint.yaml appropriate file lines, I'd suggest to delete the lines defined for Cloud Functions and GAE. The HASH value is a lowercase 10 character string. – sergio franco Aug 10 '20 at 20:19
  • I have the actual hash value in my YAML file but removed it here to avoid sharing details publicly. – Kenneth Mascarenhas Aug 12 '20 at 23:45
  • 1
    I think this is a known issue, check this [SO question](https://stackoverflow.com/questions/55872735/ajax-request-to-cloud-run-service-that-requires-authentication) is related to the same issue. – sergio franco Aug 14 '20 at 22:15
  • Thanks Sergio. I managed to resolve my issue by defining the OPTIONS endpoint for all my request endpoint paths in openapi YAML file and handle the CORS request by the backend server sitting behind my cloud run hosted endpoints service. I will update the full details as an answer later this weekend. I think the CORS definition for openapi doesn't work as expected -> x-google-endpoints: - name: endpoint--uc.a.run.app allowCors: true – Kenneth Mascarenhas Aug 15 '20 at 10:38
0

I managed to resolve the issue by defining OPTIONS operations in my YAML file with no security, for each path that I had already defined. See below example YAML file for an endpoint path '/api/v1/hello' with GET and OPTIONS operations defined.

swagger: '2.0'
info:
  title: Cloud Endpoints with Cloud Run
  description: Testing Cloud Endpoints with Cloud Run
  version: 1.0.0
host: endpoint-randomhash-uc.a.run.app
x-google-endpoints:
  - name: endpoint-randomhash-uc.a.run.app
    allowCors: true
schemes:
  - https
produces:
  - application/json
x-google-backend:
  address: https://backend-randomhash-uc.a.run.app
  path_translation: APPEND_PATH_TO_ADDRESS
security:
  - auth0_jwk: []
paths:
  /api/v1/hello:
    get:
      summary: Say hello
      operationId: helloName
      parameters:
        - name: "name"
          in: "query"
          description: "Your name"
          type: "string"
      responses:
        '200':
          description: Successful operation
          schema:
            type: string
    options:
      summary: CORS pre-flight for say hello
      operationId: helloNameOptions
      parameters:
        - name: "name"
          in: "query"
          description: "Your name"
          type: "string"
      responses:
        '200':
          description: Successful operation
          schema:
            type: string
      security: []
securityDefinitions:
  auth0_jwk:
    authorizationUrl: ""
    flow: "implicit"
    type: "oauth2"
    x-google-issuer: "https://project.auth0.com/"
    x-google-jwks_uri: "https://project.auth0.com/.well-known/jwks.json"
    x-google-audiences: "firebase-application-host"

As Sergio pointed out in his comment to a SO question, the other option in my case is to use Firebase Hosting proxy to use the same domain and avoid CORS.

Kenneth Mascarenhas
  • 25
  • 9