Cloudron makes it easy to run web apps like WordPress, Nextcloud, GitLab on your server. Find out more or install now.


Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Bookmarks
  • Search
Skins
  • Light
  • Cerulean
  • Cosmo
  • Flatly
  • Journal
  • Litera
  • Lumen
  • Lux
  • Materia
  • Minty
  • Morph
  • Pulse
  • Sandstone
  • Simplex
  • Sketchy
  • Spacelab
  • United
  • Yeti
  • Zephyr
  • Dark
  • Cyborg
  • Darkly
  • Quartz
  • Slate
  • Solar
  • Superhero
  • Vapor

  • Default (No Skin)
  • No Skin
Collapse
Brand Logo

Cloudron Forum

Apps | Demo | Docs | Install
  1. Cloudron Forum
  2. FreeScout
  3. Enable CORS in Freescout API

Enable CORS in Freescout API

Scheduled Pinned Locked Moved Solved FreeScout
cors
14 Posts 3 Posters 2.9k Views 3 Watching
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • girishG Offline
    girishG Offline
    girish
    Staff
    wrote on last edited by
    #3

    While CORS can be enabled in the reverse proxy, the correct place to do this is in the app itself. The app alone knows if it's API has been designed and tested for Cross Origin use cases. Enabling it without understanding the app will is a security issue. So, I guess this comes down to asking Freescout to add these headers in their responses.

    @paridata If you report this, can you please link the github issue or support request here? I am happy to chime in.

    1 Reply Last reply
    0
    • P Offline
      P Offline
      paridata
      wrote on last edited by
      #4

      Here‘s the link to the github issue: https://github.com/freescout-helpdesk/freescout/issues/897

      1 Reply Last reply
      2
      • P Offline
        P Offline
        paridata
        wrote on last edited by
        #5

        Hi, Freescout has already implemented the feature. It is installable through the Freescout module store.

        1 Reply Last reply
        1
        • P Offline
          P Offline
          paridata
          wrote on last edited by
          #6

          After doing the upgrade and specifying the allowed host in the app and clearing the app's cache, I'm still not getting the desired behaviour. Is there some sort of caching happening on the cloudron side? I've tested on my side in an anonymous browser window. As far as I know the ninoxdb app does not intercept/cache the responses from cross origin requests.

          Can you guys say if the app is doing what it should?

          girishG 1 Reply Last reply
          0
          • nebulonN Offline
            nebulonN Offline
            nebulon
            Staff
            wrote on last edited by
            #7

            I am not aware of any such caching on Cloudron side. This is a bit hard to test without that plugin.

            There is a new freescout version coming as well, was released just today. Maybe there were some changes needed as well. I am just building the new app package.

            1 Reply Last reply
            0
            • P paridata

              After doing the upgrade and specifying the allowed host in the app and clearing the app's cache, I'm still not getting the desired behaviour. Is there some sort of caching happening on the cloudron side? I've tested on my side in an anonymous browser window. As far as I know the ninoxdb app does not intercept/cache the responses from cross origin requests.

              Can you guys say if the app is doing what it should?

              girishG Offline
              girishG Offline
              girish
              Staff
              wrote on last edited by
              #8

              @paridata Can you test with the latest Freescout package we released?

              1 Reply Last reply
              0
              • P Offline
                P Offline
                paridata
                wrote on last edited by
                #9

                let's see...

                doing the equivalent to

                curl -X GET -G "https://ticket.paridata.net/api/conversations/6951" -H "X-FreeScout-API-Key: [api key removed]"

                Browser dev tools/Network tab output

                First entry

                Request URL: https://ticket.paridata.net/api/conversations/6951
                Referrer Policy: strict-origin-when-cross-origin
                Provisional headers are shown
                Accept: */*
                Referer: https://app.ninox.com/
                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47
                X-FreeScout-API-Key: [api key removed]
                

                Second entry

                Request URL: https://ticket.paridata.net/api/conversations/6951
                Request Method: OPTIONS
                Status Code: 200 
                Remote Address: 45.9.61.129:443
                Referrer Policy: strict-origin-when-cross-origin
                allow: GET,HEAD
                cache-control: max-age=0, must-revalidate, no-cache, no-store, private
                content-length: 0
                content-type: text/html; charset=UTF-8
                date: Fri, 04 Dec 2020 08:26:51 GMT
                pragma: no-cache
                referrer-policy: no-referrer-when-downgrade
                server: nginx
                strict-transport-security: max-age=15768000
                x-content-type-options: nosniff
                x-download-options: noopen
                x-permitted-cross-domain-policies: none
                x-xss-protection: 1; mode=block
                :authority: ticket.paridata.net
                :method: OPTIONS
                :path: /api/conversations/6951
                :scheme: https
                accept: */*
                accept-encoding: gzip, deflate, br
                accept-language: de,de-DE;q=0.9,en;q=0.8,en-GB;q=0.7,en-US;q=0.6
                access-control-request-headers: x-freescout-api-key
                access-control-request-method: GET
                origin: https://app.ninox.com
                referer: https://app.ninox.com/
                sec-fetch-dest: empty
                sec-fetch-mode: cors
                sec-fetch-site: cross-site
                user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/87.0.4280.67 Safari/537.36 Edg/87.0.664.47
                

                So the preflight request is succesful however doesn't respond with any "Access-Control-Allow-XYZ" headers.

                1 Reply Last reply
                1
                • nebulonN Offline
                  nebulonN Offline
                  nebulon
                  Staff
                  wrote on last edited by
                  #10

                  Since many other apps use CORS normally, I don't think our reverse proxy gets into the way here. Maybe this is still something the upstream addon needs to investigate?

                  1 Reply Last reply
                  1
                  • girishG Offline
                    girishG Offline
                    girish
                    Staff
                    wrote on last edited by
                    #11

                    Right, I think this is Freescout not sending the correct CORS headers. The reverse proxy in Cloudron just passes everything through.

                    1 Reply Last reply
                    0
                    • nebulonN Offline
                      nebulonN Offline
                      nebulon
                      Staff
                      wrote on last edited by
                      #12

                      Is this issue now solved since the upstream issue was resolved again?

                      1 Reply Last reply
                      0
                      • P Offline
                        P Offline
                        paridata
                        wrote on last edited by
                        #13

                        This issue has been fixed.

                        1 Reply Last reply
                        3
                        • nebulonN Offline
                          nebulonN Offline
                          nebulon
                          Staff
                          wrote on last edited by
                          #14

                          This is great news!

                          1 Reply Last reply
                          0
                          Reply
                          • Reply as topic
                          Log in to reply
                          • Oldest to Newest
                          • Newest to Oldest
                          • Most Votes


                          • Login

                          • Don't have an account? Register

                          • Login or register to search.
                          • First post
                            Last post
                          0
                          • Categories
                          • Recent
                          • Tags
                          • Popular
                          • Bookmarks
                          • Search