Failing on some networks

[vvasuki]

Report from @avinashvarna (chrome+win) : https://pastebin.com/raw/AJXdK6jw

Prominent part:

sanskrit-coders.github.io/:1 Failed to load https://api.vedavaapi.org/couchdb/dict_entries/_design/index_headwords/_view/index_headwords?limit=500&start_key=%22r%22&reduce=true&group=true: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://sanskrit-coders.github.io' is therefore not allowed access. The response had HTTP status code 403.

This is strange, as CORS is enabled on the couchdb server (visible in the config file and the fauxton UI).

and indeed on my computer:

@avinashvarna - I wonder if there is some chrome setting you've made (honored across devices) that causes this? Can you check from an incognito window? Also, can you check firefox javascript console and open a new bug for it if needed?

[vvasuki]

Update from @avinashvarna - "I tried it on my wife's phone as well, out of curiosity. Didn't work there either (with wifi/cellular). Have you tried independently on a machine where you haven't logged in to vedavaapi ?
"

And an excerpt from an earlier message:

Laptop - FF (Win) + Chrome (Win)
Phone - FF (Android) + Chrome (Android) v 63.0.3239.111
चतुर्ष्वपि कार्यं नाकरोत् ।
यदा भवता प्रथमवारं sanskrit-programmers मध्ये सूचना प्रेषिता तदा मया प्रयुक्तम् आसीत् । तदा तु कार्यं करोति स्म इति स्मरामि ।

[vvasuki]

Confirmed to work from an incognito window on my computer.

[avinashvarna]

On FF (Win), I get TypeError which seems to be covered by #2.

I don't sign into chrome, so it's unlikely that there is a setting remembered across devices. However, same result from incognito mode as well:

I think the main problem is the 403 Forbidden error. At that point, the server probably doesn't return the CORS header. Seems to be reproducible on all devices I have access to (including my wife's desktop and phone).

[avinashvarna]

Same result (403 forbidden) in FF on ubuntu VM as well:

Not sure what's going on. If it works for everyone else, then don't spend too much time on it.

[avinashvarna]

I think this has to do with the server (api.vedavaapi.org) not supporting HTTPS correctly. For example, I can access http://api.vedavaapi.org/scala/swagger/index.html fine (if I type http explicitly), but https://api.vedavaapi.org/scala/swagger/index.html gives me a 403 error.

I have the HTTPS everywhere plugin installed in Chrome which redirects traffic to https if the website supports it.

[vvasuki]

The strange thing is that https://api.vedavaapi.org/scala/swagger/index.html works fine on my computer ..

[avinashvarna]

Curioser and curioser. 😮 Not sure if the server logs can help us.

[vvasuki]

mitra, tvAm vedavApigaNe kasminchid adhunaivAmantritavAn; api cha https://github.com/vedavaapi/vedavaapi-servercfg/issues/6 ityasmin niyukto.asi

[avinashvarna]

Looking at the logs: There were a lot of:
[Wed Dec 20 07:53:09.208854 2017] [authz_core:error] [pid 14052] [client 72.208.200.253:57957] AH01630: client denied by server configuration: proxy:http://localhost:9090/swagger/index.html
[Wed Dec 20 07:53:10.268342 2017] [authz_core:error] [pid 14052] [client 72.208.200.253:57957] AH01630: client denied by server configuration: /home/samskritam/vedavaapi-servercfg/apache2/static/favicon.ico, referer: https://api.vedavaapi.org/scala/swagger/index.html

Googling brought me to: https://wiki.apache.org/httpd/ClientDeniedByServerConfiguration

Proxying to a service with no explicit access in a location block.
ProxyPass /foo/ http://internal.example.com:8900/
ProxyPassReverse /foo/ http://internal.example.com:8900/

Applying the recommended solution for Apache 2.4:

Solution (2.4):
Location /foo>
Require all granted

solves the issue. Now I can access https://api.vedavaapi.org/scala/swagger/index.html, the dict UI works fine on chrome etc.

@vvasuki How was it ever working for you without this setting?

[avinashvarna]

I have modified the conf file on the server. Should I update this repo? Didn't want to do it because the server conf and the github versions didn't match to begin with.

[vvasuki]

आह् - साधु! कृपया कोशे रक्षतु - सर्वदा तत्र स्यादेव प्रयोग्या व्यवस्थासञ्चिका रक्षणीया।

                32.	  # Secured forward proxy - to access pesky but necessary government sites
		33.	  ProxyRequests On
		34.	  ProxyVia On
		35.	  <Proxy "*">
		36.	    Require ip 24.23.143.72
		37.	  </Proxy>

इति किमर्थम्?

[vvasuki]

@vvasuki How was it ever working for you without this setting?

ಅಸ್ಯೋತ್ತರಮ್ ತು ನ ಜಾನಾಮಿ.

[avinashvarna]

परिवर्तनेषु मया केवलं २०-२२, २७-२९ योजितम् । अत्र उदाहृतं परिवर्तनं (३२-३७) मया न कृतम् । अत एव

Didn't want to do it because the server conf and the github versions didn't match to begin with.

इत्यवदं खलु !

[avinashvarna]

PR प्रेषितम् ।

[vvasuki]

Merged - भविष्ये यथा भवान् साक्षात् रक्षितुं शक्नुयात् तथा व्यवस्था कृता।

[vvasuki]

एतदपि चित्रम् पश्यतु -

For example, I can access http://api.vedavaapi.org/scala/swagger/index.html fine (if I type http explicitly), but https://api.vedavaapi.org/scala/swagger/index.html gives me a 403 error.

इत्युक्तं खलु? https://github.com/vedavaapi/vedavaapi-servercfg/blob/7eeb5e5f11700b50bd09748a8df25973a9fcd84e/apache2/sites-available/vedavaapi.conf इत्यत्रैतावदेव +‌अदृश्यत -

  ProxyPreserveHost On
  ProxyPass /scala/ http://localhost:9090/ nocanon
  ProxyPassReverse /scala/ http://localhost:9090/

[avinashvarna]

bug in apache? न जानामि ।