Page 1 of 1

[Solved] CORS issue

Posted: Mon Nov 26, 2018 6:27 pm
by ncpv
Zoneminder version: 1.32.2 (built from sources)
OS: Linux Gentoo
Web server: Apache

Note: I am aware that building Zoneminder from sources is discouraged, however, the latest version of Zoneminder available for installation in Gentoo portage is 1.30.4 and it is completely unusable with fully updated Linux Gentoo system (it segfaults). https://forums.gentoo.org/viewtopic-t-1084192.html.

So, I obtained sources from github and successfully compiled Zoneminder. It works perfectly fine. There are no problem with build or installation.

The CORS issue I am running into is related to the fact that I am using three different servers to host cameras.

The main server that runs the Web interface

Code: Select all

example.com
And three servers (in subdomain) to host the cameras:

Code: Select all

a.example.com
b.example.com
c.example.com
When I click on the camera (which is hosted by a.example.com) in the console, I can see the stream from the camera, but the event list is empty and the page is constantly refreshing. The developer console is full of Cross-Origin Request Blocked error:

Code: Select all

(Reason: CORS request did not succeed).
In addition to that there is another error constantly appearing in the console:

Code: Select all

SyntaxError: "JSON.parse: unexpected character at line 1 column 1 of the JSON data"
    decode https://example.com/tools/mootools/mootools-core.js:6672:26
    success https://example.com/tools/mootools/mootools-core.js:6717:32
    wrapper https://example.com/tools/mootools/mootools-core.js:1723:16
    onStateChange https://example.com/tools/mootools/mootools-core.js:6291:4
    wrapper https://example.com/tools/mootools/mootools-core.js:1723:16
    bind https://example.com/tools/mootools/mootools-core.js:993:11
The CORS request is coming from example.com to a.example.com and it is as follows:

Code: Select all

https://a.example.com/index.php?view=request&request=status&entity=events&id=2&count=20&sort=Id%20desc.
The web server log lists the failed request with code 200. When I try to visit the failed URL it prompts me with login page. If I login in, it does not solve the problem.

I tried using the config file from https://github.com/ZoneMinder/zoneminde ... -cors.conf but the error still persists (I did adopt config for my installation).

What can be done to solve it?

Re: CORS issue

Posted: Mon Nov 26, 2018 8:12 pm
by iconnor
You need a Server entry under options -> Servers for example.com

Re: CORS issue

Posted: Mon Nov 26, 2018 8:44 pm
by ncpv
You need a Server entry under options -> Servers for example.com
I do have it.

Just to be sure, I deleted and created it again.

It does not affect the issue.

However, I do not know whether or not this is important, but all servers show status "Unknown", there is no CpuLoad data, Free/Total memory is zero, Free/Total Swap is zero too.

And also, all servers point to one physical machine (their hostnames resolve to the same IP address), but I strongly believe this is not related to this CORS issue. This has been done to overcome limitation of the per-host connection limit in browsers. In this way it is possible to view multiple cameras at the same time.

Re: CORS issue

Posted: Mon Nov 26, 2018 8:51 pm
by iconnor
Turn on debug and let's see what the logs say.
If ZM is setting CORS then there will be a
Setting Access-Controll-Allow-Origin from
and if not then
example.com is not found in servers list.

Re: CORS issue

Posted: Mon Nov 26, 2018 9:08 pm
by ncpv
With the Debug on, the following appeared in the log:

Code: Select all

11/26/18 15:59:40.403089 web_php[12885].DBG [View: options Request:  Action: ] at index.php line 209
11/26/18 15:59:45.903302 web_php[12885].DBG [View: request Request: status Action: ] at index.php line 209
11/26/18 15:59:50.901345 web_php[12885].DBG [View: request Request: status Action: ] at index.php line 209
11/26/18 15:59:53.259988 web_php[12885].DBG [View: console Request:  Action: ] at index.php line 209
11/26/18 15:59:56.795315 web_php[12885].DBG [View: watch Request:  Action: ] at index.php line 209
11/26/18 15:59:58.074247 web_php[12885].DBG [Setting Access-Controll-Allow-Origin from https://example.com] at includes/functions.php line 56
11/26/18 15:59:58.074508 web_php[12885].DBG [View: request Request: stream Action: ] at index.php line 209
11/26/18 15:59:58.074586 web_php[12885].DBG [Redirecting to login] at index.php line 229
11/26/18 15:59:58.242360 web_php[12885].DBG [Setting Access-Controll-Allow-Origin from https://example.com] at includes/functions.php line 56
11/26/18 15:59:58.242618 web_php[12885].DBG [View: request Request: stream Action: ] at index.php line 209
11/26/18 15:59:58.242697 web_php[12885].DBG [Redirecting to login] at index.php line 229
11/26/18 15:59:58.409661 web_php[12885].DBG [View: watch Request:  Action: ] at index.php line 209
11/26/18 15:59:58.964601 web_php[12885].DBG [Setting Access-Controll-Allow-Origin from https://example.com] at includes/functions.php line 56
11/26/18 15:59:58.964840 web_php[12885].DBG [View: request Request: stream Action: ] at index.php line 209
11/26/18 15:59:58.964924 web_php[12885].DBG [Redirecting to login] at index.php line 229
And it continues until I close the camera view.

Just for the test, I deleted example.com from servers and the Setting Access-Controll-Allow-Origin was still in the logs.

And please, see edit to my previous post - I made the edit after you already gave answer to it.

Re: CORS issue

Posted: Mon Nov 26, 2018 9:27 pm
by iconnor
The important bit is this:
11/26/18 15:59:58.074586 web_php[12885].DBG [Redirecting to login] at index.php line 229

I think you need to try out our current master builds. There are some missing auth= in the various status urls.

Isaac

Re: CORS issue

Posted: Mon Nov 26, 2018 9:33 pm
by ncpv
I think you need to try out our current master builds. There are some missing auth= in the various status urls.
I downloaded the master two days ago. Was there some fix for this since then?

I will try anyway.

Re: CORS issue

Posted: Mon Nov 26, 2018 10:24 pm
by ncpv
@iconnor,

Can you please point out place in code which should set the auth token? I guess I can try to figure out what is going on there.

Re: CORS issue

Posted: Tue Nov 27, 2018 12:24 am
by ncpv
There are some missing auth= in the various status urls.
Thanks a lot. With this hint I was able to figure out that ZM_AUTH_HASH_LOGINS config option was not set. This was causing the auth_hash global variable to be not declared and as result - auth= was not being sent in queries.