Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Clients are unable to connect to server during selenium tests

I'm working on selenium tests (written in C# using the chrome webdriver) for a javascript web app that uses a backend server running on WebApi 5.2.4. It is CORS enabled with very permissive settingss:

namespace SealingService
{
    public static class WebApiConfig
    {
        public static void Register(HttpConfiguration config)
        {
            // Web API configuration and services

            var cors = new EnableCorsAttribute("*", "*", "*");
            config.EnableCors(cors);

            // etc...
        }
    }
}

Normally everything works as expected. But on some machines when the server is started by the test scripts the client encounters CORS errors on every request. The chrome dev console shows the standard Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. message. The server logs show that the OPTION requests are reaching it, and it's sending a response.

When I try to access any of the API routes manually, the server returns the generic ASP.NET 404 page. This makes me think that our CORS configuration actually could be working correctly, but the server is not being started/configured correctly by our test script, so the routes are not being registered. Thus, all API routes are returning the 404 page, which is obviously not CORS enabled.

This is the applicationhost.config used by IIS during the tests. This is how the server is started by the test script:

public static Process StartIIS(string siteName)
{
    return Process.Start(@"C:\Program Files (x86)\IIS Express\iisexpress.exe", $"/site:{siteName} /config:{_applicationHostConfigFilePath}");
}

The errors only occur on some machines, and we can't figure out what is configured differently between them. I've tried using Chrome's --disable-web-security flag but it doesn't seem to make any difference.

like image 611
David Reed Avatar asked Jul 31 '18 15:07

David Reed


1 Answers

You can usually solve pre-flight errors with a change to your web.config:

<system.webServer>

    ...

<httpProtocol>
    <customHeaders>
        <add name="Access-Control-Allow-Origin" value="*" />
        <add name="Access-Control-Allow-Headers" value="Origin, X-Requested-With, Content-Type, Accept, Cache-Control" />
        <add name="Access-Control-Allow-Credentials" value="true" />
        <add name="Access-Control-Allow-Methods" value="GET, POST, PUT, DELETE, OPTIONS" />
    </customHeaders>
</httpProtocol>
</system.webServer>

Or via code in a custom handler with something like:

if (request.Headers.Contains("Origin") && request.Method.Method == "OPTIONS")
{
    var response = new HttpResponseMessage();
    response.StatusCode = HttpStatusCode.OK;
    response.Headers.Add("Access-Control-Allow-Origin", "*");
    response.Headers.Add("Access-Control-Allow-Headers", "Origin, Content-Type, Accept, Authorization");       
    response.Headers.Add("Access-Control-Allow-Methods", "DELETE, POST, PUT, OPTIONS, GET");
}

If it works you can then try refining things by e.g. changing Access-Control-Allow-Origin to just your front-ends address.

like image 72
Ben Hall Avatar answered Oct 20 '22 15:10

Ben Hall