STCLI-247 improve proxying by overwriting CORS headers, static alias for localhost (#351)

zburke · kaladay · web-flow · commit 272de3ec7029 · 2024-09-16T06:38:30.000-04:00
There are two features here: 1. provide new CLI option `--proxyUrl` to allow use of a hostname other than localhost, allowing the machine hosting the bundle to be accessed remotely (e.g. from a conference room, or by a colleague in another office, etc etc) 2. overwrite CORS headers between the proxy and browser, satisfying the browser that CORS requirements are being met (shhhhh) Details on Part 2: Overwrite the following CORS headers between the proxy and browser: ``` Access-Control-Allow-Origin: http://localhost:${PORT} Access-Control-Allow-Credentials: true ``` The ACAO value is commonly set to `*` for un-credentialed requests (i.e. those without cookies), but as MDN docs for CORS notes: > When responding to a credentialed requests request, the server must > specify an origin in the value of the `Access-Control-Allow-Origin` > header, instead of specifying the “*” wildcard. Likewise, the ACAC value > is commonly set to `""` for uncredentialed requests, but must be set to > `true` to allow cookies to pass through. (from https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS) These CORS settings appear to have been in place before RTR was introduced, and may still be in place in some backend environments. Overriding these values in the local proxy is a prudent way to allow local development to continue while waiting for the backend settings to catch up. Refs STCLI-247 --------- Co-authored-by: Kevin Day <kday@tamu.edu>
diff --git a/doc/commands.md b/doc/commands.md
@@ -1132,6 +1132,7 @@ Option | Description | Type | Notes
 `--stripesConfig` | Stripes config JSON  | string | supports stdin
 `--tenant` | Specify a tenant ID | string |
 `--startProxy` | Start a local proxy server between the platform and okapi | boolean | default: false
+`--proxyHost` | Scheme and host name for the proxy server | string | default: http://localhost
 `--proxyPort` | Port number for the proxy server | number | default: 3010
 
 Examples:
@@ -1150,7 +1151,7 @@ $ stripes serve --existing-build output
 ```
 Serve a platform with a local proxy server that points to a remote okapi server:
 ```
-$ stripes serve --startProxy --proxyPort 3010 --okapi http://some-okapi-server.folio.org
+$ stripes serve --startProxy --proxyHost http://localhost --proxyPort 3010 --okapi http://some-okapi-server.folio.org
 ```
 Serve an app (in app context) with a mock backend server":
 ```
diff --git a/lib/commands/common-options.js b/lib/commands/common-options.js
@@ -11,6 +11,12 @@ module.exports.serverOptions = {
     default: false,
     group: 'Server Options:',
   },
+  proxyHost: {
+    type: 'string',
+    describe: 'Proxy scheme and host',
+    default: 'http://localhost',
+    group: 'Server Options:',
+  },
   proxyPort: {
     type: 'number',
     describe: 'Proxy server port',
diff --git a/lib/commands/serve.js b/lib/commands/serve.js
@@ -15,11 +15,10 @@ const serveBuildOptions = Object.assign({}, buildOptions);
 delete serveBuildOptions.publicPath;
 
 function replaceArgvOkapiWithProxyURL(argv) {
-  const proxyURL = `http://localhost:${argv.proxyPort}`;
-  argv.okapi = proxyURL;
+  argv.okapi = `${argv.proxyHost}:${argv.proxyPort}`;
 
   if (argv.stripesConfig?.okapi) {
-    argv.stripesConfig.okapi.url = proxyURL;
+    argv.stripesConfig.okapi.url = argv.okapi;
   }
 }
 
@@ -52,7 +51,7 @@ function serveCommand(argv) {
 
   if (argv.startProxy) {
     console.info('starting proxy');
-    childProcess.fork(path.resolve(context.cliRoot, './lib/run-proxy.js'), [argv.okapi, argv.proxyPort]);
+    childProcess.fork(path.resolve(context.cliRoot, './lib/run-proxy.js'), [argv.okapi, argv.port, argv.proxyHost, argv.proxyPort]);
     // if we're using a proxy server - we need to pass the proxy host as okapi to Stripes platform
     replaceArgvOkapiWithProxyURL(argv);
   }
diff --git a/lib/run-proxy.js b/lib/run-proxy.js
@@ -5,13 +5,21 @@ const app = express();
 
 const OKAPI = process.argv[2];
 const PORT = process.argv[3];
+const PROXY_HOST = process.argv[4];
+const PROXY_PORT = process.argv[5];
 
 app.use(
   '/',
   createProxyMiddleware({
     target: OKAPI,
     changeOrigin: true,
+    on: {
+      proxyRes: (proxyRes) => {
+        proxyRes.headers['Access-Control-Allow-Origin'] = `${PROXY_HOST}:${PORT}`;
+        proxyRes.headers['Access-Control-Allow-Credentials'] = 'true';
+      },
+    },
   }),
 );
 
-app.listen(PORT);
+app.listen(PROXY_PORT);

Original file line number	Diff line number	Diff line change
`@@ -15,11 +15,10 @@ const serveBuildOptions = Object.assign({}, buildOptions);`
`15`	`15`	`delete serveBuildOptions.publicPath;`
`16`	`16`
`17`	`17`	`function replaceArgvOkapiWithProxyURL(argv) {`
`18`		- const proxyURL = `http://localhost:${argv.proxyPort}`;
`19`		`- argv.okapi = proxyURL;`
	`18`	+ argv.okapi = `${argv.proxyHost}:${argv.proxyPort}`;
`20`	`19`
`21`	`20`	`if (argv.stripesConfig?.okapi) {`
`22`		`- argv.stripesConfig.okapi.url = proxyURL;`
	`21`	`+ argv.stripesConfig.okapi.url = argv.okapi;`
`23`	`22`	`}`
`24`	`23`	`}`
`25`	`24`
`@@ -52,7 +51,7 @@ function serveCommand(argv) {`
`52`	`51`
`53`	`52`	`if (argv.startProxy) {`
`54`	`53`	`console.info('starting proxy');`
`55`		`- childProcess.fork(path.resolve(context.cliRoot, './lib/run-proxy.js'), [argv.okapi, argv.proxyPort]);`
	`54`	`+ childProcess.fork(path.resolve(context.cliRoot, './lib/run-proxy.js'), [argv.okapi, argv.port, argv.proxyHost, argv.proxyPort]);`
`56`	`55`	`// if we're using a proxy server - we need to pass the proxy host as okapi to Stripes platform`
`57`	`56`	`replaceArgvOkapiWithProxyURL(argv);`
`58`	`57`	`}`