Configure publisher

I want to install publisher but not installing i am getting cors error always please guide me how to resolve this cors error

Unable to load data: Axios Error (Request): Network Error (possible local connectivity issue) get https://discovery.xxxx.in/api/v1/courses/.

Access to XMLHttpRequest at ‘https://discovery.xxxx.in/publisher/api/admins/organizations/users/?page=1&page_size=250’ from origin ‘https://apps.xxxx.in’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Access to XMLHttpRequest at ‘https://discovery.xxxx.in/api/v1/organizations/?page=1&page_size=500&limit=500’ from origin ‘https://apps.xxxx.in’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Failed to load resource: net::ERR_FAILED

https://discovery.xxxx.in/publisher/api/admins/organizations/users/?page=1&page_size=250

Please guide me how to do resolve it i am using this repo

Hi. I understand you want help with your problem, but please don’t ping random people to help. The people who are available will be reading the topics to see where they can help.

2 Likes

so Sorry @nedbat but since you are the oldest member and knowledgeable people thats why i pinged you only guys

1 Like

@BbrSofiane Please guide me i am working on this problem from last 4 days. I am tagging my thread from overhang here please help me with problem

:warning: Disclaimer: This plugin is in an experimental state so there is no guarantee it will work, especially on the latest release. If you need something that works out of the box, this is probably not the right tool.

Access to XMLHttpRequest at ‘https://discovery.xxxx.in/publisher/api/admins/organizations/users/?page=1&page_size=250’ from origin ‘https://apps.xxxx.in’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Access to XMLHttpRequest at ‘https://discovery.xxxx.in/api/v1/organizations/?page=1&page_size=500&limit=500’ from origin ‘https://apps.xxxx.in’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.

Hmm, can you check the settings file for the discovery service? I’ve added the MFE domain to CORS whitelist in discovery-development-settings and discovery-production-settings.

Can you describe the steps you to took to install, enable and run the MFE?

So what I have tried so far is as follows

  1. Install tutor full on local

  2. tutor plugins enable discovery ecommerce

  3. tutor config save

  4. Create a discovery user
    tutor local run discovery ./manage.py createsuperuser

  5. Create a plugin using .yml in tutor plugin printroot tweeking discovery-production-settings to append MFE host as cors allowed origin

name: cors
version: 0.0.1
patches:
discovery-production-settings: |
CORS_ORIGIN_WHITELIST = list(CORS_ORIGIN_WHITELIST) + [“https://apps.xxxx.in”]

  1. Enable this patch along with your publisher mfe
    pip install git+https://github.com/Dicey-Tech/tutor-contrib-publisher

  2. Run quickstart again

So far i have been able to successfully login to publisher. Dashboard works fine.

The issue comes up while trying to create new course about csrf tokens

I have tried tweeking lms-env through patch to add csrf trusted domain but that doesn’t seem to work for me.

I explicitly do not need publisher to utilize any features of it. However I wished my courses to have schedules (i.e. relative due dates). And I don’t remember where exactly but documentation somewhere mentioned that to enable relative due dates in self paced courses we will need to end the course through publisher. Which is quite abnormal to me. Is that the case? Because I am able to set up due dates for instructor paced course but same is not true for self paced. Any thoughts on this if we can bypass publisher just for ending the course (date)?

That’s completely fair and that’s also how I ended up trying to create this plugin. I do think the underlying issue is that there is a dependency to a functionality that’s not core (publisher) to edit something that is (course).

In theory, you shouldn’t need that, it’s already taken care of in the publisher plugin.

Have you tried creating a new course run for a course that exists? Does that work?

Yes I have tried but at the time of saving it is giving error please guide us we can create that plugins with this repo GitHub - openedx/frontend-app-publisher: Publisher frontend to manage course creation and marketing content curation. or we have to take from your repo please guide how we can make that thing working

@BbrSofiane

while we create a course this is exact error pops up.

Creation failed, please try again or contact support.
detail: CSRF Failed: Referer checking failed - https://apps.xxxx.in/ does not match any trusted origins.

console prints the following

xhr.js:210 POST https://discovery.xxxx.in/api/v1/courses/ 403

Logs from tutor discovery prints as below

discovery_1 | 2022-06-12 15:11:57,034 WARNING 6 [django.request] /openedx/venv/lib/python3.8/site-packages/django/utils/log.py:224 - Forbidden: /api/v1/courses/
discovery_1 | 2022-06-12 15:11:57,034 WARNING 6 [django.request] /openedx/venv/lib/python3.8/site-packages/django/utils/log.py:224 - Forbidden: /api/v1/courses/
discovery_1 | 2022-06-12 15:11:57,034 WARNING 6 [django.request] /openedx/venv/lib/python3.8/site-packages/django/utils/log.py:224 - Forbidden: /api/v1/courses/
discovery_1 | [pid: 6|app: 0|req: 14/31] 172.18.0.8 () {68 vars in 3405 bytes} [Sun Jun 12 15:11:57 2022] POST /api/v1/courses/ => generated 109 bytes in 19 msecs (HTTP/1.1 403) 8 headers in 295 bytes (1 switches on core 0)

I am facing issue in creating a path for publisher for CORS and CSRF errors

name: cors
version: 0.0.1
patches:
openedx-lms-settings: |
CORS_ORIGIN_WHITELIST.append("{{ MFE_HOST }}")
CORS_ORIGIN_CREDENTIALS = True
CORS_ORIGIN_ALLOW_ALL = True
CROSS_DOMAIN_CSRF_COOKIE_DOMAIN = xxxx.in
CROSS_DOMAIN_CSRF_COOKIE_NAME = native-csrf-cookie
CSRF_COOKIE_SECURE = True
CSRF_TRUSTED_ORIGINS = list(CSRF_TRUSTED_ORIGIN) + [“https://apps.xxxx.in”]
DCS_SESSION_COOKIE_SAMESITE = lax
DCS_SESSION_COOKIE_SAMESITE_FORCE_ALL = True

Please help me to create a patch

@BbrSofiane I believe that the entries in CORS_ORIGIN_WHITELIST should be prefixed by “http(s)://” tutor-mfe/openedx-lms-production-settings at df5d86eb35429ba1b3fd961c9b3ee8d333eded5e · overhangio/tutor-mfe · GitHub
On the other hand CSRF_TRUSTED_ORIGINS should not.
(I recently faced a similar problem in ecommerce)

name: corsxlms
version: 0.0.1
patches:
discovery-production-settings: |
CORS_ORIGIN_WHITELIST = list(CORS_ORIGIN_WHITELIST) + [“https://apps.xxxx.in”]
lms-env: |
CORS_ORIGIN_WHITELIST:
- https://xxxx.in
- https://apps.xxxx.in
- https://discovery.xxxx.in
CSRF_TRUSTED_ORIGINS:
- xxxx.in
- apps.xxxx.in
- discovery.xxxx.in
adding csrf trusted origins to discovery results in error parameter not defined while quickstart

please guide