How to Add CORS to Phoebus services e.g. Alarmlogger

[limesTech]

Hi,
I am missing an option to set CORS, like cors.allowed.origins=http://localhost:3000 it is ignored by Phoebus, but I try to do use it with PVInfo which logs errors like: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://<ALARM_LOGGER_IP:8082/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 200. in the browser console.

[georgweiss]

Not sure I understand this. Can you please clarify the steps your taking to trigger this message?

[limesTech]

Sure,
Alarmlogger is hosted via docker and exposed ports at Host A (IP 192.168.172.2)
PVInfo(Web UI) is hosted via docker exposed ports at Host B (IP 192.168.172.3)

PV Info displays the Alarmlogger Status via http requests from B to A.
Browsers currently only check on http requests if the answer origins from the expected server assuming backend is at the same as frontend. If this check fails, it expects a field in the Header called Access-Control-Allow-Origin which states that this other IP has the permission to display data in its name.

[limesTech]

Another solution would be to use HTTPS instead, there are no CORS checks, due to trust through encryption. But did not see this option for Alarmlogger either.

[georgweiss]

OK, I see. Was not aware of this use case. Will look into this, but cannot commit to a swift solution.

There is also a workaround you could consider: if you put a reverse proxy (e.g. Apache) on the same host in front of the alarm logger service then all requests will originate from the same client.

[limesTech]

Thx, i will kook into it.