How to configure CORS

iehoshia · February 7, 2020, 1:16am

Hi,

I was trying trytond 5.2 with gunicorn and works well with tryton but not with sao. I worked before with uwsgi and works without the need to has CORS configured, but with gunicorn doesn’t work.

I was reading about Configuration file for Tryton — trytond 5.5 documentation but I don’t know how to configure it correctly? Is apart from the docs, where can find an example of that?

Thanks in advance.

ced · February 7, 2020, 9:03am

Could you explain your setup and why you think you need CORS?

The configuration of CORS should not be needed for sao as long as it is distributed from the same hostname as trytond (indeed sao should not work otherwise with or without CORS).
The configuration for CORS should look like:

[web]
cors =
    example.com
    api.example.com

iehoshia · February 7, 2020, 10:13pm

The setup with uwsgi under emperor.uwsgi.service is:

[uwsgi]
socket=/tmp/%n.sock
virtualenv = /opt/test
wsgi=app
module=trytond.application:app
env = TRYTOND_CONFIG=/opt/test/tr.conf
thunder-lock=true
workers = %k
threads = 1
touch-chain-reload = %dreload

The setup with gunicorn under systemd is:

[Unit]
Description=test gunicorn daemon
After=network.target

[Service]
PIDFile=/run/test_gunicorn/pid
Environment="TRYTOND_CONFIG=/opt/test/tr.conf"
User=www-data
Group=www-data
RuntimeDirectory=test_gunicorn
WorkingDirectory=/opt/test
ExecStartPre=/bin/bash -c 'mkdir -p /run/test_gunicorn; chown www-data:www-data /run/test_gunicorn$
ExecStart=/opt/test/bin/python /opt/test/bin/gunicorn --pid /run/test_gunicorn/pid   \
          --bind unix:/run/test_gunicorn/socket trytond.application:app \
          --user=www-data --group=www-data --pythonpath=/opt/test/bin/ \
          --name=test_gunicorn --log-file=/var/log/gunicorn/test.gunicorn.log \
          --timeout=3600 --threads=1 \
          --workers=9 --error-logfile=/var/log/gunicorn/test.gunicorn.error \
          --log-level debug

[Install]
WantedBy=multi-user.target

The config with uwsgi works on tryton 5.0, 5.2 and 5.4 and sao 5.0, 5.2, 5.4 using nginx as proxy server.

Using nginx as proxy server the given config with gunicorn works with tryton 5.0, 5.2, 5.4 and sao 5.0. With sao 5.2 and 5.4 gives the follow traceback:

File "/opt/test/lib/python3.7/site-packages/trytond/wsgi.py", line 181, in __call__
    return self.wsgi_app(environ, start_response)
  File "/opt/test/lib/python3.7/site-packages/trytond/wsgi.py", line 187, in __call__
    return self.app(environ, start_response)
  File "/opt/test/lib/python3.7/site-packages/trytond/wsgi.py", line 159, in wsgi_app
    abort(HTTPStatus.FORBIDDEN)
  File "/opt/test/lib/python3.7/site-packages/werkzeug/exceptions.py", line 772, in abort
    return _aborter(status, *args, **kwargs)
  File "/opt/test/lib/python3.7/site-packages/werkzeug/exceptions.py", line 753, in __call__
    raise self.mapping[code](*args, **kwargs)
werkzeug.exceptions.Forbidden: 403 Forbidden: You don't have the permission to access the requested resource. It is either read-protected or not readable by the server.

I configured cors similar to these but doesn’t work neither.

ced · February 7, 2020, 10:57pm

I guess you should inspect the Origin and Host headers of the request received by Tryton.

By the way, I forgot that CORS should contain the schema so it should be like that:

[web]
cors =
    https://example.com
    https://api.example.com

iehoshia · February 9, 2020, 3:47pm

It works after configure it according to.

system · March 10, 2020, 3:47pm

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.