# help

Rafael Szuminski

06/17/2023, 11:43 PM
Any ideas?

Alex Olivier (Cerbos)

06/18/2023, 3:03 PM
Hey if you look in the options request it should tell you which header is being blocked. Add that to the list in the config and you should be good to go.

Rafael Szuminski

06/18/2023, 3:07 PM
Screen Shot 2023-06-18 at 8.07.08 AM.png
I have added user-agent to the config but it did not help

Alex Olivier (Cerbos)

06/18/2023, 3:08 PM
What’s the response of the POST request?

Rafael Szuminski

06/18/2023, 3:09 PM
Screen Shot 2023-06-18 at 8.09.20 AM.png
(response tab is empty because it was blocked, of course)

Alex Olivier (Cerbos)

06/18/2023, 3:10 PM
How are you running your PDP? Possibly your config file isn’t being picked up

Rafael Szuminski

06/18/2023, 3:11 PM
```sh
docker run --rm --name cerbos -v $(pwd)/policies:/policies -v $(pwd)/conf:/conf -p 3592:3592 -p 3593:3593 ghcr.io/cerbos/cerbos:latest server --config=/conf/config.yaml
```
```
{"log.level":"info","@timestamp":"2023-06-18T15:06:33.189Z","log.logger":"cerbos.server","message":"maxprocs: Leaving GOMAXPROCS=10: CPU quota undefined"}
{"log.level":"info","@timestamp":"2023-06-18T15:06:33.189Z","log.logger":"cerbos.server","message":"Loading configuration from /conf/config.yaml"}
{"log.level":"info","@timestamp":"2023-06-18T15:06:33.191Z","log.logger":"cerbos.disk.store","message":"Initializing disk store from /policies"}
{"log.level":"info","@timestamp":"2023-06-18T15:06:33.214Z","log.logger":"cerbos.index","message":"Found 16 executable policies"}
```

Alex Olivier (Cerbos)

06/18/2023, 3:12 PM
hmm that looks ok to me - let me try and replicate

Rafael Szuminski

06/18/2023, 3:13 PM
Using Firefox 113 on a Mac. All other browsers work fine (Chrome, Safari).

Alex Olivier (Cerbos)

06/18/2023, 3:14 PM
Ah well that is suspicious
Is this the call you are making?
```js
const cerbos = new HTTP(`192.168.0.17:3592}`);
const result = await cerbos.checkResources({
  principal: principal,
  resources: resources
});
```

Rafael Szuminski

06/18/2023, 3:19 PM
yes

Alex Olivier (Cerbos)

06/18/2023, 3:20 PM
there is a typo in your IP:PORT and the call signature for checkResources isn't quite right:
```js
import { HTTP } from "@cerbos/http";

// The base URL must include the scheme (http://) and no stray characters.
const cerbos = new HTTP("http://localhost:3592");
await cerbos.checkResources({
  principal: {
    id: "1",
    roles: ["user"],
  },
  resources: [
    {
      resource: {
        id: "123",
        kind: "test",
      },
      actions: ["user"],
    },
  ],
});
```

Rafael Szuminski

06/18/2023, 3:22 PM
One more piece of info (from the console) Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://192.168.0.17:3592/api/check/resources. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 204.

Alex Olivier (Cerbos)

06/18/2023, 3:25 PM
ok i can replicate now
give me a minute to test a few things

Rafael Szuminski

06/18/2023, 3:26 PM
Tested Firefox on Android and Linux, and it’s also broken.

Alex Olivier (Cerbos)

06/18/2023, 3:38 PM
ok fixed it
```yaml
---
server:
  httpListenAddr: ":3592"
  grpcListenAddr: ":3593"
  cors: # CORS defines the CORS configuration for the server.
    allowedHeaders: ['content-type', 'user-agent'] # AllowedHeaders is the contents of the allowed-headers header.
    allowedOrigins: ['*'] # AllowedOrigins is the contents of the allowed-origins header.
    disabled: false # Disabled sets whether CORS is disabled.
    maxAge: 10s # MaxAge is the max age of the CORS preflight check.

engine:
  defaultPolicyVersion: "default"

auxData:
  jwt:
    disableVerification: true

storage:
  driver: "disk"
  disk:
    directory: "/policies"
    watchForChanges: true
```
your config file should be like this - the `cors` key should be under the `server` object and `user-agent` also needs to be in the `allowedHeaders` list

Rafael Szuminski

06/19/2023, 12:45 AM
Yup, that solved it. Thanks a lot for the help. Strange that it worked fine on Chrome…