[BUG]: Unable to try Lago because of CORS #368
Comments
|
Facing the same problem with graphql endpoint cors issue. I also faced a Letsencrypt configuration issue and couldn't resolve it directly. Faced also at every run of the docker containers the error : Unrecognized command "db:migrate:primary", partially solve by running the migration with the container but the error still appear at every 'docker compose up' command To solve the Letsencrypt problem, I proxy all requests with an nginx installed on the host in front of Lago but I still face a Cors problem with Graphql from Lago Front. The first time I heard about Lago was in 2022, when we were looking for alternatives to Stripe but the product and company seemed too young to me at that time. New company, new project, I remembered Lago and told myself that I would try it and give it a chance with 2 more years of development and maturation, but I am a bit disappointed for the moment with the product and of the Lago install process. The product looks great and promising on paper (just clone the repository and run it with Docker), but the reality is a little different. Additionally, the documentation doesn't appear to have been updated in some time. An advise for you Lago team, Documentation is part of the product and should be treated and maintain with the same strength that the product itself. (words of cto) You guys just raised $22 million a few months ago, I hope you accelerate development and hire the right people quickly to really propose an out-of-the-box solution. It would really bother me to have to go through Stripe to manage subscriptions, billings, payments, taxes and everything associated with it because the costs would not be negligible from a business point of view, but their product is solid today. Your promise and vision is great but unfortunately a bit tainted with an initial installation process that doesn't work, even on a clean machine. In the meantime, I'll try to fix the Cors issue and provide the workaround in this thread if I find one, but if I can't, I'll resign myself to using Stripe. |
|
Hello Guys, We are working on a better OSS documentation, we know it's not well documented and it will get better very soon. @qvignaud did you tried with 80 port? @Antho331364 We were mainly focused on our product, like you said, Lago is very powerful when it comes to Billing and it provides you a lot of solutions. CORS issue always comes from bad URL configuration. You need to provide the scheme ( |
|
btw here is the configuration for CORS https://github.com/getlago/lago-api/blob/main/config/initializers/cors.rb |
|
Hello @jdenquin, Thank you for your answer. I succeed to make it work yesterday evening with the following env variable defined in my .bashrc file: And below the nginx proxy config in front of lago to handle SSL/TLS connection: server { } The SSL certificates was generated with the command below executed on the host machine: Hope this will help anyone that faced the SSL and Cors issues. |
|
We will update our documentation this month on how to configure Lago with Docker and Traefik/Letsencrypt instead of Nginx |
|
Hello @jdenquin , I finally got the stuff working but still feel a bit wrong in the way I'm achieving this. With Helm command: While it's sufficient for testing lago and making some trial, I'm not comfortable with this configuration (mainly because I'm not totally aware of what the nginx configuration change involves in terms of security). Also –but it's maybe only me who is wrong– I didn't got a way to make front and API served on the same domain with path selection (nor with different ports), either the server returns 500/503 errors or still facing CORS issue. |
|
This looks good, this is also how we do it in our helm chart https://github.com/getlago/lago-helm-charts/blob/main/templates/ingress.yaml |
|
I'm having the same issue,
My setup is simple digital ocean droplet, with cloudflare A name direct to the droplet. Any idea why is not working? |
|
This is still an issue in 1.10 |
|
@9M6 whats the domain you use for @doctorpangloss which issue, the headers one? |
|
any update on your side guys? |
|
I was able to make it work by updating Steps: Update with: And then updated Rebuilt the api and started containers: Also had to update nginx config |
|
This do the trick yes, but the # frozen_string_literal: true
# NOTE: Read more: https://github.com/cyu/rack-cors
Rails.application.config.middleware.insert_before(0, Rack::Cors) do
allow do
frontend_origin = nil
if ENV.key?('LAGO_FRONT_URL')
origins ENV['LAGO_FRONT_URL']
elsif ENV.key?('LAGO_DOMAIN')
origins ENV['LAGO_DOMAIN']
elsif Rails.env.development?
origins 'app.lago.dev', 'api', 'lago.ngrok.dev'
end
resource '*',
headers: :any,
methods: %i[get post put patch delete options head],
credentials: true
end
end |
|
@jdenquin Hi, currently using @vaisov-gemba suggestions but replacing And it does work. Thanks! |
|
thanks for the feedback @HLFH , we'll do a fix around this asap to avoid having to override this config. |
I've deleted because I wasn't sure if it's not working due to Cloudflare Access I have in front or your provided After restoring to my version of |
|
and just to double check, |
|
the way cors is configured in lago is incompatible with a recentish browser changed. it has to all be revisited unfortunately. should be set for both frontend-url and api-url locations when using nginx. this will provide the correct responses for browsers here is an example ingress using the f5 nginx controller ---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
acme.cert-manager.io/http01-edit-in-place: "true"
cert-manager.io/cluster-issuer: letsencrypt-prod
meta.helm.sh/release-name: lago
meta.helm.sh/release-namespace: default # your namespace here
nginx.org/location-snippets: |
proxy_set_header 'Access-Control-Allow-Origin' 'https://frontend.mydomain.com';
proxy_set_header 'Vary' 'Origin';
proxy_set_header 'Access-Control-Allow-Methods' 'GET, PUT, POST, DELETE, OPTIONS';
proxy_set_header 'Access-Control-Allow-Headers' 'DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,apollographql-client-name,apollographql-client-version,x-lago-organization,customer-portal-token';
name: lago-ingress
namespace: default
spec:
ingressClassName: nginx
rules:
- host: frontend.mydomain.com
http:
paths:
- backend:
service:
name: lago-front-svc
port:
number: 80
pathType: ImplementationSpecific
- host: lago-api.mydomain.com
http:
paths:
- backend:
service:
name: lago-api-svc
port:
number: 3000
pathType: ImplementationSpecific
tls:
- hosts:
- frontend.mydomain.com
- lago-api.mydomain.com
secretName: lago-ingress-secretobserve this essentially overwrites the cors.rb behavior. it has to be rewritten. i believe the underlying issue is that the codebase extensively uses custom headers and browsers do not report fine grained errors regarding it. all the custom header information should be encoded into the auth token jwt anyway. |
ah, it's set to |
Yes, it should works with |
Describe the bug
We are trying to make basic Lago install through Helm working but we're just unable to because of CORS problems.
Whatever we try the front respond with "An error occurred, please reload the application".
The network section of browser (Firefox and Chromium) tells us "
http://<ip>:<port>/graphqlCORS Failed".To Reproduce
Steps to reproduce the behavior:
helm install --set apiUrl=http://<some-ip>:<some-port> --set frontUrl=http://<some-ip>:<some-port> lago https://github.com/getlago/lago-helm-charts/archive/refs/tags/1.2.1.tar.gzkubectl expose deployment lago-front --type NodePort --port 80andkubectl expose deployment lago-api --type NodePort --port 3000helm upgrade --install --set apiUrl=http://<some-ip>:31200 --set frontUrl=http://<some-ip>:30203 lago https://github.com/getlago/lago-helm-charts/archive/refs/tags/1.2.1http://<some-ip>:30203http://<some-ip>:31200.Expected behavior
Being able to reach the
/graphqlendpoint.Screenshots
N/A
Support
Additional context
I'm feeling like we're not giving right configuration variables as
apiUrlandfrontUrl, but we tried with and withouthttp://prefix, with and without port, and we're encountering continuously this issue at best (else just getting inconsistent URLs).[Tech-market part]
As it's just a very quick trial between billing metric solutions, and comparatively with the others, we would have expected to be simpler to set up and run Lago, especially with the very short doc given with Helm chart repo. It's a bit sad given it looking to be a powerful solution but hard to try out-of-the-box. If I may suggest you could work on better install/demo documentation because I feel like we're not the only ones to encounter this but still the ones motivated enough to report the problem.
[/Tech-market part]
The text was updated successfully, but these errors were encountered: