RASA Core: --cors parameter does not apply to socket.io

In my point of view, the rasa core paramter --cors “*” (according to [Unable to enable CORS from HTTP API · Issue #404 · RasaHQ/rasa_core · GitHub](http://RASA_CORE Issue 404)) works for the REST-API but does not work for socket.io channel. Is my assumption right? It would be great, if it can be fixed.

  • REST Header: Access-Control-Allow-Origin: *

  • Socket.io Header: Access-Control-Allow-Origin: null

Kind regards, Dario

Hi @dariofiore, you may add CORS capability to the socket.io input channel by providing the Server() with the cors_allowed_origins keyword argument here:

https://github.com/RasaHQ/rasa_core/blob/master/rasa_core/channels/socketio.py#L124

From the socketio.server docs:

cors_allowed_origins: List of origins that are allowed to connect to this server. All origins are allowed by default.

I hope that helps!

Hello, how are you ? I wonder to know how to pass this keyword to socketio.Server. What files should I change ? I tried to put the cors_allowed_origins in credentials.yml file o rasa at the socketio session but it didnt works.

Thanks

Hi @humbertocruz, welcome to the forum! You can try making the relevant change here:

I haven’t tested this myself and would be interested to hear if you have any success :slight_smile:

I noticed the same with Rasa X - regardless if you specify cors * or not, it doesn’t work. Not a problem though with Rasa server (at least not with 1.1.x).

Are you using Rasa or Rasa X?

Just curious why not fix this error? I really don’t like the idea of having to hack the rasa code after installation. If the rasa run CLI documentation states i can pass --cors “*” why would the websocket channel (without any note about it) be excluded, where it’s a simple 2nd parameter into the method.

sio = AsyncServer(async_mode=“sanic”)

@erohmensing FYI Maybe at least add do documentation to state that websocket currently doesn’t support the --cors param from rasa run. I think rasa x also suffers from this. My Rasa Version is 1.1.4 and pytho 3.6.8, Ubuntu 16.04 and Debian 9

@akelad and @Tobias_Wochinger We upgraded to Rasa 1.2.9 (using 1.2.9 tagged Docker rasa image with python 3.6.9) and picked up a “fix”, which now even broke Firefox XHR (before only Chrome was complaining, but could get local dev done in Firefox) . While the fix does not outright cause “origin not allowed” error, but it causes browsers to complain about the following:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:5013/socket.io/?EIO=3&transport=polling&t=MrVJE93. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Even with --cors “*” flag

sanic.root - CORS: Configuring CORS with resources: {'/*': {'origins': ['.*'], 'methods': 'DELETE, GET, HEAD, OPTIONS, PATCH, POST, PUT', 'allow_headers': ['.*'], 'expose_headers': None, 'supports_credentials': False, 'max_age': None, 'send_wildcard': False, 'automatic_options': True, 'vary_header': True, 'resources': {'/*': {'origins': ['*']}}, 'intercept_exceptions': True, 'always_send': True}}

What happens is that the UI keeps trying due to missing header error:

2019-09-23 18:31:04 DEBUG    rasa.model  - Extracted model to '/tmp/tmp0mpz4mxe'.
2019-09-23 18:31:04 DEBUG    pykwalify.compat  - Using yaml library: /usr/local/lib/python3.6/site-packages/ruamel/yaml/__init__.py
2019-09-23 18:31:09 INFO     engineio.server  - ff77025bcce544dc83dacb30c2ee2a7f: Sending packet OPEN data {'sid': 'ff77025bcce544dc83dacb30c2ee2a7f', 'upgrades': ['websocket'], 'pingTimeout': 60000, 'pingInterval': 25000}
2019-09-23 18:31:09 DEBUG    rasa.core.channels.socketio  - User ff77025bcce544dc83dacb30c2ee2a7f connected to socketIO endpoint.
2019-09-23 18:31:09 INFO     engineio.server  - ff77025bcce544dc83dacb30c2ee2a7f: Sending packet MESSAGE data 0
2019-09-23 18:31:14 INFO     engineio.server  - b70b1bbc9b93413db19c6d57e278f9be: Sending packet OPEN data {'sid': 'b70b1bbc9b93413db19c6d57e278f9be', 'upgrades': ['websocket'], 'pingTimeout': 60000, 'pingInterval': 25000}
2019-09-23 18:31:14 DEBUG    rasa.core.channels.socketio  - User b70b1bbc9b93413db19c6d57e278f9be connected to socketIO endpoint.
2019-09-23 18:31:14 INFO     engineio.server  - b70b1bbc9b93413db19c6d57e278f9be: Sending packet MESSAGE data 0

The only true fix that ever worked was this one:

image

I.e. set cors_allowed_origins=’’ or enhance the code to pass the --cors "" into AsyncServer.

There are newer comments in the thread that indicate that it’s not behaving well still:

Can we just not pass in the rasa run --cors param into AsyncServer? I tried setting the AsyncServer 2nd parameter to both * and “http://localhost:8080” and both work. So we can propagate that from command line, that would maybe finally fix this problem.
It is only that ‘*’ parameter into AsyncServer that will cause it to return the proper header allowing the request: image

Unless I am missing something? @Tobias_Wochinger How did you make it work?

Thank you!

@Serge have you tried also adding the --enable-api flag to your run command? That was needed for the version you’re referring to. With the latest release now I think you can ommit that flag and it should work fine

Am I missing something here?

I built a new environment with Fedora 29 Server, installed Rasa and launched it. I can launch Rasa X and/or Rasa (rasa run -m models --enable-api --endpoints endpoints.yml --cors “*”) and get a response from both Rasa X and Rasa Core in my browser. However, when trying to use a NodeJS client (rasa-api - npm) I keep getting a cors error.

[Error] Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin. [Error] Fetch API cannot load http://192.168.207.223:5005/model/parse?project=default&token=access_token_one due to access control checks. [Error] Failed to load resource: Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin. (parse, line 0) [Error] TypeError: Origin http://localhost:3000 is not allowed by Access-Control-Allow-Origin. (anonymous function) (main.chunk.js:119) promiseReactionJob

First question: How do I set a fixed IP for everything? Second question: The api calls for the following (I realize the api is not created by Rasa). Rasa(’’, ‘’,’’, ‘’). Where can I get the Project Name and Server Access Token?

EDIT: I did try to change the line in socket.py from

sio = AsyncServer(async_mode= “sanic” , cors_allowed_origins=[ ])

to

sio = AsyncServer(async_mode= “sanic”, cors_allowed_origins=[ “*” ])

and

sio = AsyncServer(async_mode= “sanic”, cors_allowed_origins="*")

It didn’t work…

Thanks!

-Chris

@cafarmer are you still having this issue? If yes, would you be able to format your post and also provide some more details, e.g. what request you’re sending?

I am still having the problem with the rasa-api component, but I was able to get around it by leveraging the “request” component in my React application. I am able to match intent through the model and communicate with the Webhooks api (‘http://192.168.207.223:5005/webhooks/rest/webhook’). I think there was a difference on how the rasa-api component tried to talk to Rasa that would not work with without a CORS exception/host specified. So I am not really sure I am on the right track, but at least I got something to work.

Thanks!

-Chris

Like this:

Model to match intent

const Request = require('request');

var options = { 
  method: 'POST',
  url: 'http://192.168.207.223:5005/model/parse',
  body: { "text": this.state.queryString },
  json: true };

Request(options, function (error, response, body) {
  if (error) throw new Error(error);
  console.log('rasa matched intent: ' + body.intent.name);
  });

Webhooks to converse

const Request = require('request');

var options = { 
  method: 'POST',
  url: 'http://192.168.207.223:5005/webhooks/rest/webhook',
  body: {"sender":"John Galt","message":"Hello"},
  json: true };

Request(options, function (error, response, body) {
  if (error) throw new Error(error);
  console.log(body);
  });
1 Like