Battling with cors_enable

joeblog · March 29, 2020, 6:04pm

I’m trying to get a simple http server going to do an assignment for a Udacity course on CSS. The snag is, doing the assignment involves enabling the server to allow Cross-Origin Resource Sharing (CORS) to allow Udacity’s grading script to mark it.

Following the instructions at https://www.swi-prolog.org/pldoc/man?section=httpcors I’ve come up with the code below, but that doesn’t overcome the Udacity grading script’s “The linked JSON page isn’t at the same origin and directory as the document” error message.

:- use_module(library(http/thread_httpd)).
:- use_module(library(http/http_dispatch)).
:- use_module(library(http/http_files)).
:- use_module(library(http/http_unix_daemon)).
:- use_module(library(http/http_cors)).

:- initialization http_daemon.

:- multifile http:location/3.
:- dynamic   http:location/3.
http:location(images_src, root(images_src), []).
http:location(css, root(css), []).

:- http_handler(root(.), my_handler, [prefix]).
:- http_handler(images_src(.), http_reply_from_files('./images_src', []), [prefix]).
:- http_handler(css(.), http_reply_from_files('./css', []), [prefix]).

my_handler(Request) :-
  cors_enable,
  http_reply_from_files('.', [indexes(['./index.html'])], Request).

jan · March 30, 2020, 6:45am

I think you missed this part of the docs:

Because CORS is a security risc (see references), it is disabled by default. It is enabled through the setting http:cors. The value of this setting is a list of domains that are allowed to access the service. Because * is used as a wildcard match, the value [*] allows access from anywhere.

So, you need to use the setting interface by either loading a setting database or calling set_setting_default/2 in the application.

joeblog · March 30, 2020, 7:12am

Thanks for the prompt reply as always @jan.

I’ve added the line

:- set_setting(http:cors, [*]).

But that doesn’t fix it.

jan · March 30, 2020, 7:18am

You have to be a bit careful using set_setting/2 wrt ordering. So, maybe this wasn’t picked up. Try running ?- setting(http:cors, X). to see whether it did its job. set_setting_default/2 is AFAIK more robust when used as a directive.

Note that you also did not cors enable /images_src and /css this way (but that might be intentional).

joeblog · March 30, 2020, 7:38am

My latest attempt looks like this, but still no luck:

:- use_module(library(http/http_cors)).
:- use_module(library(http/thread_httpd)).
:- use_module(library(http/http_dispatch)).
:- use_module(library(http/http_files)).
:- use_module(library(http/http_unix_daemon)).

:- set_setting_default(http:cors, [*]).

:- initialization http_daemon.

:- multifile http:location/3.
:- dynamic   http:location/3.
http:location(images_src, root(images_src), []).
http:location(css, root(css), []).

:- http_handler(root(.), home_handler, [prefix]).
:- http_handler(images_src(.), images_handler, [prefix]).
:- http_handler(css(.), css_handler, [prefix]).

home_handler(Request) :-
  cors_enable(Request, [methods([get,post])]),
  http_reply_from_files('.', [indexes(['./index.html'])], Request).

images_handler(Request) :-
  cors_enable(Request, [methods([get,post])]),
  http_reply_from_files('./images_src', [], Request).

css_handler(Request) :-
  cors_enable(Request, [methods([get,post])]),
  http_reply_from_files('./css', [], Request).

jan · March 30, 2020, 7:54am

Saved as cors.pl. Deleted :- initialization http_daemon. (this is old school, http_unix_daemon uses initialization(http_daemon,main)). Run

swipl cors.pl --interactive --port=3050

And in a second window

curl -D x http://localhost:3050/cors.pl > /dev/null
cat x

Replies this. Seems pretty much ok to me …

HTTP/1.1 200 OK
Date: Mon, 30 Mar 2020 07:50:18 GMT
Last-modified: Mon, 30 Mar 2020 07:49:07 GMT
Connection: Keep-Alive
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST
Content-Length: 980
Content-Type: text/plain; charset=UTF-8

joeblog · March 30, 2020, 8:45am

Thanks @jan. I also get

Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, POST

But Udacity’s script still isn’t happy, so that’s where the problem seems to be.

I’ve zero prior experience with CORS, and since I’m just doing the free CSS course for my own experience (not worried about marks), I think I’ll give up on autograding. The code in the supplied index.html file looks like this, and I’m not sure if I’m supposed to configure for it somehow in the server code:

<meta name="udacity-grader" content="http://udacity.github.io/responsive-images/project/project-grader.json" unit-tests="http://udacity.github.io/responsive-images/project/project-grader.js">

Their instructor notes simply tell students to create their own simple server with a link to an out-of date Python example, and I gather from searching slashdot that getting CORS to work is a common frustration irrespective of what programming language one uses for a basic http server.

jan · March 30, 2020, 9:09am

Try ?- debug(http_request). to see which requests they send. Possibly they do a HEAD request?

joeblog · March 30, 2020, 9:25am

Udacity only seems to be using GET. This is not a SWI Prolog problem since trying Node.js’s

http-server -p 8000 --cors

gives the same error.

Many thanks for your help @jan. I’ll have to check Udacity’s forums for what the problem with their script is.

Topic		Replies	Views
Disable CORS, need help General	4	1154	December 7, 2020
CORS error when requesting prolog webservice Help!	2	533	January 16, 2020
Problem with CORS Help!	5	134	June 18, 2024
Battling to understand abstract paths Help!	6	591	June 28, 2019
What is this? \css and \js Something with library(http/http_server)? Predicate	1	597	September 14, 2020

Battling with cors_enable

Related topics