I'm setting up a lacinia-pedestal graphql server using Clojure, and attempting to access it with client-side javascript code using apollo. However, I'm unable to access the /graphql endpoint on localhost because I'm attempting to access it from a localhost origin (localhost:3000) that is not allowed by CORs. How do I set CORs using lacinia-pedestal?
Here is the server-side code (set up using the lacinia tutorial https://lacinia.readthedocs.io/en/latest/tutorial/component.html)
(ns project.server
(:require [com.stuartsierra.component :as component]
[com.walmartlabs.lacinia.pedestal :as lp]
[io.pedestal.http :as http]))
(defrecord Server [schema-provider server]
component/Lifecycle
(start [this]
(assoc this :server (-> schema-provider
:schema
(lp/service-map {:graphiql true})
http/create-server
http/start)))
(stop [this]
(http/stop server)
(assoc this :server nil)))
(defn new-server
[]
{:server (-> {}
map->Server
(component/using [:schema-provider]))})
Client-side code is super simple (using Apollo):
const client = new ApolloClient({
uri: "http://localhost:8888/graphql"
});
Update: I managed to solve it by merging my lacinia pedestal service map with a standard pedestal service map.
(start [this]
(assoc this :server (-> schema-provider
:schema
(lp/service-map {:graphiql true})
(merge {::http/allowed-origins (constantly true)})
http/create-server
http/start)))
Related
I followed the steps in the tutorial:
https://cloud.google.com/dns/docs/tutorials/create-domain-tutorial
However when I get to the verify my setup, I don't see my servers IP, instead I see this:
$ dig -t NS dandyrobot.com.
; <<>> DiG 9.18.1-1ubuntu1.2-Ubuntu <<>> -t NS dandyrobot.com.
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 56042
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;dandyrobot.com. IN NS
;; Query time: 2339 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Tue Feb 07 11:00:42 EST 2023
;; MSG SIZE rcvd: 43
Are there any additional steps I can take to narrow down what the problem is?
Based on our conversation what seems to be the problem is that the configuration of custom nameserver under Google Domains. Then we use this link as a guidance to resolve this concern.
What I currently have :
I have a custom dns (powered by python twisted), installed in local network and used by all my local devices. That makes me able to customize the answers at the dns Level. The result is that i can reply something like that :
"myprivatenextcloud.mycompany.com. 1062 IN A 192.168.0.7"
for exemple.
All those stuffs are to resolve some domains in my local network, and to limit/block some domains as ads domains, or/and porn.
I can currently "block" some domains because i am replying NXDOMAIN to the query.
for exemple :
; <<>> DiG 9.10.6 <<>> #192.168.0.3 youporn.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 11662
;; flags: qr ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;youporn.com. IN A
;; Query time: 42 msec
;; SERVER: 192.168.0.3#53(192.168.0.3)
;; WHEN: Tue Oct 18 16:49:00 CEST 2022
;; MSG SIZE rcvd: 29
When the "browser" receives this message, it said something like "Cannot access to the website".
What i want :
Now i would like to "redirect" the domain to a other domain. For exemple youporn.com to error.mydomain.com
How can i do that?
I have tried differents things like CNAME (but not working, because of root domain & SSL Issue), DNAME, ANAME (ask for "youporn.com" replies "google.com")
But nothing is working.
The main probleme is that (I think) I cant use the classic redirect as HTTP 30X.
Because I shouldnt receive(and manage) the http request.
The other issue is about https (-> I can simulate with a virtualhost https://google.com, but the cert will be a selfsigned cert, and the browser will "reject" it. It can be solved with mitm. But it's not the goal of my project.)
If i can "redirect" before HTTP(S) calls, I will receive a classic/normal Http on http(s)://error.mydomain.com request and will be able to manage it.
I read somethings about TXT, but nothing working...
If u have some ideas...
Thx in advance.
PS : i know that DNS cant "redirect" the query, but it's to explain my goal.
Some links :
https://redirect.center
https://about.txtdirect.org/hosted/
In one CCL REPL I enter:
(WITH-OPEN-SOCKET (socket :LOCAL-PORT 6667
:LOCAL-HOST "localhost"
:CONNECT :PASSIVE
:REUSE-ADDRESS t)
(let ((stream (ACCEPT-CONNECTION socket :wait t)))
(format stream "hello from server.~%")))
It waits for a connection.
In another CCL process I enter:
(WITH-OPEN-SOCKET (socket-stream :REMOTE-PORT 6667
:REMOTE-HOST "localhost"
:CONNECT :ACTIVE
:REUSE-ADDRESS t)
(format t (READ-LINE socket-stream)))
At this point this process goes into waiting. It neither reads from the server, nor exits.
However, the moment the client connects to the server, the server exits with NIL. So clearly a connection is at least established, but the string "Hello from server." never gets communicated.
I am sure this is something basic I am overlooking. How do I send messages across? Is READ-LINE not the right way to read from a stream? Am I writing from the server incorrectly? How would I establish a bi-directional simple string based communication?
You know that output can be buffered?
That's one typical problem. see FINISH-OUTPUT and FORCE-OUTPUT.
If you write to a buffered stream, you have to make sure that the buffered output is actually fully delivered.
? (WITH-OPEN-SOCKET (socket-stream :REMOTE-PORT 6667
:REMOTE-HOST "localhost"
:CONNECT :ACTIVE
:REUSE-ADDRESS t)
(format t (READ-LINE socket-stream)))
hello from server.
NIL
---
? (WITH-OPEN-SOCKET (socket :LOCAL-PORT 6667
:LOCAL-HOST "localhost"
:CONNECT :PASSIVE
:REUSE-ADDRESS t)
(let ((stream (ACCEPT-CONNECTION socket :wait t)))
(format stream "hello from server.~%")
(finish-output stream)
stream))
#<BASIC-TCP-STREAM ISO-8859-1 (SOCKET/21) #x302000E3FD9D>
I'm trying to use my Godaddy domain with github pages.
At this moment I've added the CNAME.md file with davidcafor.me
Created a A record to 192.30.252.153 and a CNAME www record to davidcafor.github.io.
But the problem is that davidcafor.me doesn't works.
What I'm doing wrong?
Your DNS records are correct:
; <<>> DiG 9.8.3-P1 <<>> a davidcafor.me
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31777
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;davidcafor.me. IN A
;; ANSWER SECTION:
davidcafor.me. 3600 IN A 192.30.252.153
The issue is that github.io is not configured to respond to that SNI. You will need to check with your settings in Github to make sure that domain is properly registered.
I believe the file needs to be named just CNAME, not CNAME.md. Or was it different in 2015?
I have a rather weird problem with using sending out emails from emacs24 with my posteo email account, but everything seems to work just fine with gmail and gmx. This is the relevant part of my current .emacs configuration (it feels like I permuted it a million times with always the same results):
(require 'smtpmail)
(require 'starttls)
(setq message-send-mail-function 'smtpmail-send-it)
(setq tls-program '("gnutls-cli --priority NORMAL:%COMPAT -p %p %h"))
(setq starttls-gnutls-program "gnutls-cli --priority NORMAL:%COMPAT")
(setq starttls-use-gnutls t)
(setq smtpmail-stream-type 'starttls)
(setq smtpmail-smtp-server "posteo.de")
(setq smtpmail-debug-info t)
(setq smtpmail-debug-verb t)
(setq smtpmail-smtp-service 587) ;;587(starttls) or 465(tls/ssl) or ?
(setq starttls-extra-arguments '("--priority NORMAL:%COMPAT"))
The output in my message buffer is:
Sending via mail...
235 2.7.0 Authentication successful
gnutls.c: [0] (Emacs) fatal error: A TLS fatal alert has been received.
gnutls.c: [0] (Emacs) Received alert: Bad record MAC
smtpmail-send-command: Process smtpmail not running
and in my trace of SMTP to posteo.de buffer:
220 mail.posteo.de ESMTP Postfix
250-mail.posteo.de
250-PIPELINING
250-SIZE 76800000
250-VRFY
250-ETRN
250-STARTTLS
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
220 2.0.0 Ready to start TLS
250-mail.posteo.de
250-PIPELINING
250-SIZE 76800000
250-VRFY
250-ETRN
250-AUTH PLAIN LOGIN
250-ENHANCEDSTATUSCODES
250-8BITMIME
250 DSN
AUTH PLAIN <omitted>
235 2.7.0 Authentication successful
Process smtpmail connection broken by remote peer
MAIL FROM:<c.bourjau#posteo.de> SIZE=281
QUIT
The problem seems to be a certificate which appears to have wrong "paddings" (I am not really sure what this is) http://gnutls.org/manual/html_node/On-Record-Padding.html. Another way to produce a similar error on the command line with this server is to do:
$ gnutls-cli --starttls -p 587 posteo.de
Resolving 'posteo.de'...
Connecting to '89.146.220.134:587'...
- Simple Client Mode:
220 mail.posteo.de ESMTP Postfix
*** Starting TLS handshake
*** Fatal error: An unexpected TLS packet was received.
*** Handshake has failed
This error is supposedly fixed if one adds the --priority NORMAL:%COMPAT to the gnutls argument which I tried to no avail (see .emacs).
So the question is: How does on treat certifcates throwing these kind of errors in emacs?
Thanks a lot in advance!
This post gave me the crucial hint: How to ask gnutls to use client certificate in emacs 24
emacs24 seems to ignore the starttls-gnutls-program variable if gnutls-available-p is not nil, which has to be force by overwriting the latter function.
My working configuration is now the following:
(require 'smtpmail)
(require 'starttls)
(setq message-send-mail-function 'smtpmail-send-it)
(defun gnutls-available-p ()
"Function redefined in order not to use built-in GnuTLS support"
nil)
(setq starttls-gnutls-program "gnutls-cli")
(setq starttls-use-gnutls t)
(setq smtpmail-stream-type 'starttls)
(setq smtpmail-smtp-server "posteo.de")
(setq smtpmail-smtp-service 587) ;;587(starttls) or 465(tls/ssl)
(setq starttls-extra-arguments '("--priority" "NORMAL:%COMPAT"))