[FOLIO-3740] CORS errors in recent Nolana Stripes builds of platform-complete Created: 16/Mar/23  Updated: 17/Mar/23  Resolved: 17/Mar/23

Status: Closed
Project: FOLIO
Components: None
Affects versions: None
Fix versions: None

Type: Bug Priority: TBD
Reporter: John Malconian Assignee: John Malconian
Resolution: Done Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original estimate: Not Specified

Sprint: DevOps Sprint 160
Development Team: FOLIO DevOps
Release: Nolana (R3 2022)
RCA Group: TBD

 Description   

Recent UI work which adds the request option 'credentials: "include"' to the FOLIO API is seeping into previous releases (MG and Nolana) of platform-complete Stripes builds which is breaking functionality in the data-export application and possibly elsewhere. Specifically, when a file of UUIDs is uploaded to the data-export app, the request is blocked by the browser for a CORS policy violation error. Chrome, for example, reports:

"Access to XMLHttpRequest at 'https://folio-nolana-okapi.dev.folio.org/data-export/file-definitions/68140824-65ba-43c3-9a50-fa6b18ad5ad1/upload' from origin 'https://folio-nolana.dev.folio.org' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute."

The problem can be duplicated on both the MG and Nolana reference builds: https://folio-morning-glory.dev.indexdata.com and https://folio-nolana.dev.indexdata.com. Interestingly the issue does not manifest itself on current folio-snapshot builds. Therefore, I believe the credentials: "include" option change is not compatible with older UI code.



 Comments   
Comment by John Malconian [ 17/Mar/23 ]

The fix for this issue was to pin versions of stripes-data-transfer-components as 'resolutions' in the package.json files on the Nolana and Morning Glory release branches of platform-complete so that versions >= v5.4.x don't sneak into the stripes bundle as dependencies. PRs have been merged into release branches.

Generated at Thu Feb 08 23:30:21 UTC 2024 using Jira 1001.0.0-SNAPSHOT#100246-sha1:7a5c50119eb0633d306e14180817ddef5e80c75d.