https://cerbos.dev logo
Join Slack
Powered by
Any ideas?
# help
r
Any ideas?
a
Hey if you look in the options request it should tell you which header is being blocked. Add that to the list in the config and you should be good to go.
r
Screen Shot 2023-06-18 at 8.07.08 AM.png
I have added user-agent to the config but it did not help
a
What’s the response of the POST request
r
Screen Shot 2023-06-18 at 8.09.20 AM.png
(response tab is empty because it was blocked ofcourse)
a
How are you running your PDP? Possibly your config file isn’t being picked up
r
docker run --rm --name cerbos -v $(pwd)/policies:/policies -v $(pwd)/conf:/conf -p 3592:3592 -p 3593:3593 ghcr.io/cerbos/cerbos:latest server --config=/conf/config.yaml
Copy code
{"log.level":"info","@timestamp":"2023-06-18T15:06:33.189Z","log.logger":"cerbos.server","message":"maxprocs: Leaving GOMAXPROCS=10: CPU quota undefined"}
{"log.level":"info","@timestamp":"2023-06-18T15:06:33.189Z","log.logger":"cerbos.server","message":"Loading configuration from /conf/config.yaml"}
{"log.level":"info","@timestamp":"2023-06-18T15:06:33.191Z","log.logger":"cerbos.disk.store","message":"Initializing disk store from /policies"}
{"log.level":"info","@timestamp":"2023-06-18T15:06:33.214Z","log.logger":"cerbos.index","message":"Found 16 executable policies"}
a
hmm that looks ok to me - let me try and replicate
r
Using Firefox 113 on a Mac. All other browsers work fine (Chrome, Safari).
a
Ah well that is suspicious
Is this the call you are making?
Copy code
const cerbos = new HTTP(`192.168.0.17:3592}`);
const result = await cerbos.checkResources({
        principal: principal,
        resources: resources
    });
r
yes
a
there is a type in your IP:PORT and the call signiature for checkResources isn't quite right:
Copy code
const cerbos = new HTTP(`<http://localhost:3592>`);
await cerbos.checkResources({
  principal: {
    id: "1",
    roles: ["user"],
  },
  resources: [
    {
      resource: {
        id: "123",
        kind: "test",
      },
      actions: ["user"],
    },
  ],
});
r
One more piece of info (from the console) Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://192.168.0.17:3592/api/check/resources. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 204.
a
ok i can replicate now
give me a minute to test a few things
r
Tested Firefox on Android and Linux, and it’s also broken.
a
ok fixed it
Copy code
---
server:
  httpListenAddr: ":3592"
  grpcListenAddr: ":3593"
  cors: # CORS defines the CORS configuration for the server.
    allowedHeaders: ['content-type', 'user-agent'] # AllowedHeaders is the contents of the allowed-headers header.
    allowedOrigins: ['*'] # AllowedOrigins is the contents of the allowed-origins header.
    disabled: false # Disabled sets whether CORS is disabled.
    maxAge: 10s # MaxAge is the max age of the CORS preflight check.


engine:
  defaultPolicyVersion: "default"

auxData:
  jwt:
    disableVerification: true

storage:
  driver: "disk"
  disk:
    directory: "/policies"
    watchForChanges: true
you config file should be like this - the 
cors
key should be under the 
server
object and 
user-agent
also needs to be in the 
allowedHeaders
list
r
Yup, that solved it. Thanks a lot for the help. Strange that it worked fine on Chrome…
3 Views
Open in Slack
PreviousNext
Powered by