View Issue Details

ID: 0010447
Project: Taler
Category: libeufin-bank
View Status: public
Last Update: 2025-09-23 13:53
Reporter: sebasjm
Assigned To: Antoine A
Priority: high
Severity: major
Reproducibility: always
Status: assigned
Resolution: open
Product Version: git (master)
Summary: 0010447: cors problem on challenge confirm [dev/antoinea/2fa-v2]
Description: This request is to enable email as 2FA. The first OPTIONS request fails.

$ curl 'http://bank.taler.test/accounts/merchant' -X 'OPTIONS' -H 'Accept: */*' -H 'Accept-Language: en-US,en;q=0.9' -H 'Access-Control-Request-Headers: authorization,content-type,taler-challenge-ids' -H 'Access-Control-Request-Method: PATCH' -H 'Connection: keep-alive' -H 'Origin: http://localhost:8080' -H 'Referer: http://localhost:8080/' -H 'Sec-Fetch-Mode: cors' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' --insecure -v
* Host bank.taler.test:80 was resolved.
* IPv6: (none)
* IPv4: 127.0.0.1
* Trying 127.0.0.1:80...
* Connected to bank.taler.test (127.0.0.1) port 80
* using HTTP/1.x
> OPTIONS /accounts/merchant HTTP/1.1
> Host: bank.taler.test
> Accept: */*
> Accept-Language: en-US,en;q=0.9
> Access-Control-Request-Headers: authorization,content-type,taler-challenge-ids
> Access-Control-Request-Method: PATCH
> Connection: keep-alive
> Origin: http://localhost:8080
> Referer: http://localhost:8080/
> Sec-Fetch-Mode: cors
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
>
* Request completely sent off
< HTTP/1.1 403 Forbidden
< vary: Origin
< content-length: 0
< connection: keep-alive
< Date: Tue, 23 Sep 2025 10:22:33 GMT
<


The original request (after OPTIONS) works, but without the first one the browser fails due to CORS.


$ curl 'http://bank.taler.test/accounts/merchant' -X 'PATCH' -H 'Authorization: Bearer secret-token:6F9AWKAWNGRDQNJW5QQ6ESS58054M2J4JGXFMT3ZNC13VH8X7HPG' -H 'Referer: http://localhost:8080/' -H 'User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36' -H 'Accept: application/json' -H 'Content-Type: application/json' -H 'Taler-Challenge-Ids: 3ccf0dcf-b008-4eb5-a054-43253e9569b4' --data-raw '{"cashout_payto_uri":null,"tan_channel":"email"}' -v
* Host bank.taler.test:80 was resolved.
* IPv6: (none)
* IPv4: 127.0.0.1
* Trying 127.0.0.1:80...
* Connected to bank.taler.test (127.0.0.1) port 80
* using HTTP/1.x
> PATCH /accounts/merchant HTTP/1.1
> Host: bank.taler.test
> Authorization: Bearer secret-token:6F9AWKAWNGRDQNJW5QQ6ESS58054M2J4JGXFMT3ZNC13VH8X7HPG
> Referer: http://localhost:8080/
> User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/139.0.0.0 Safari/537.36
> Accept: application/json
> Content-Type: application/json
> Taler-Challenge-Ids: 3ccf0dcf-b008-4eb5-a054-43253e9569b4
> Content-Length: 48
>
* upload completely sent off: 48 bytes
< HTTP/1.1 204 No Content
< vary: Origin
< content-length: 0
< connection: keep-alive
< Date: Tue, 23 Sep 2025 10:24:02 GMT
<
Tags: No tags attached.

Relationships

related to 0010250 (assigned, sebasjm): body of tan_challenges stores passwords in the clear?

Activities

Antoine A

2025-09-23 13:45

developer   ~0025987

Can I have some libeufin logs? They will contain hints about the error that will help me a lot.

sebasjm

2025-09-23 13:53

developer   ~0025988

It doesn't have too much, that's why I didn't include it.

23-Sep-2025T08:51:13.751 L8X6DSLFNK INFO libeufin-bank-api - GET /accounts/exchange/taler-wire-gateway/history/incoming?limit=1024&long_poll_ms=2000
23-Sep-2025T08:51:14.695 Z23Y3VWSC5 INFO libeufin-bank-api - 200 0ms
23-Sep-2025T08:51:14.695 Z23Y3VWSC5 INFO libeufin-bank-api - OPTIONS /accounts/merchant/challenge/9f0fe839-81bc-469c-a79e-db64aaa2343b/confirm
23-Sep-2025T08:51:14.699 N01FZ06BV9 INFO libeufin-bank-api - POST /accounts/merchant/challenge/9f0fe839-81bc-469c-a79e-db64aaa2343b/confirm
23-Sep-2025T08:51:14.700 N01FZ06BV9 INFO libeufin-bank-api - 204 1ms
23-Sep-2025T08:51:15.754 L8X6DSLFNK INFO libeufin-bank-api - 204 2003ms
23-Sep-2025T08:51:15.757 JZVELNEK8K INFO libeufin-bank-api - GET /accounts/exchange/taler-wire-gateway/history/incoming?limit=1024&long_poll_ms=2000
23-Sep-2025T08:51:16.542 3G5FISROOP INFO libeufin-bank-api - 403 1ms
23-Sep-2025T08:51:16.542 3G5FISROOP INFO libeufin-bank-api - OPTIONS /accounts/merchant/token
23-Sep-2025T08:51:17.760 JZVELNEK8K INFO libeufin-bank-api - 204 2003ms
23-Sep-2025T08:51:17.763 IGLGSXF1U2 INFO libeufin-bank-api - GET /accounts/exchange/taler-wire-gateway/history/incoming?limit=1024&long_poll_ms=2000

I can try adding more runtime options; the current one:

java -classpath /media/luffy/taler-workspace/install-prefix/lib/bank-1.0.6-all.jar tech.libeufin.bank.MainKt serve --config taler/data//bank-default.conf -L debug
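
The report shows the PATCH succeeding with 204 when sent directly while the browser refuses to send it, because the preflight response fails the browser's own checks. The following added example (not part of the issue thread or of libeufin) applies a simplified version of those checks to the captured 403 response; the function names and the passing response are constructed for illustration.

```javascript
// Added example: simplified browser-side CORS preflight check.
// Assumes the request is sent without credentials mode "include".

// Parse the "< ..." response lines of a `curl -v` transcript.
function parseCurlResponse(transcript) {
  const lines = transcript.split('\n').filter((l) => l.startsWith('< '));
  const status = Number(lines[0].split(' ')[2]);
  const headers = {};
  for (const line of lines.slice(1)) {
    const idx = line.indexOf(':');
    if (idx > 0) headers[line.slice(2, idx).toLowerCase()] = line.slice(idx + 1).trim();
  }
  return { status, headers };
}

const tokens = (v) => (v || '').split(',').map((s) => s.trim()).filter(Boolean);

// Reasons the browser would block the real request; an empty array means it proceeds.
function preflightFailures(req, res) {
  const reasons = [];
  if (res.status < 200 || res.status > 299) reasons.push(`status ${res.status} is not 2xx`);
  const origin = res.headers['access-control-allow-origin'];
  if (origin !== '*' && origin !== req.origin) reasons.push('allow-origin does not match');
  // Method tokens are compared case-sensitively; header names are not.
  const methods = tokens(res.headers['access-control-allow-methods']);
  if (!methods.includes('*') && !methods.includes(req.method)) reasons.push(`method ${req.method} not allowed`);
  const allowed = tokens(res.headers['access-control-allow-headers']).map((h) => h.toLowerCase());
  for (const h of req.headers) {
    // The "*" wildcard never covers Authorization; it must be listed by name.
    const ok = allowed.includes(h) || (allowed.includes('*') && h !== 'authorization');
    if (!ok) reasons.push(`header ${h} not allowed`);
  }
  return reasons;
}

// Preflight from the report: Origin, Access-Control-Request-Method and -Headers.
const request = { origin: 'http://localhost:8080', method: 'PATCH', headers: ['authorization', 'content-type', 'taler-challenge-ids'] };
// Response lines as captured in the report.
const reported = parseCurlResponse(`< HTTP/1.1 403 Forbidden
< vary: Origin
< content-length: 0`);
// Constructed response (not from the server) that would pass the check.
const constructedOk = parseCurlResponse(`< HTTP/1.1 204 No Content
< access-control-allow-origin: http://localhost:8080
< access-control-allow-methods: PATCH
< access-control-allow-headers: authorization, content-type, taler-challenge-ids`);

console.log(preflightFailures(request, reported));
console.log(preflightFailures(request, constructedOk));
```

The check only models what the browser requires of the preflight response; it says nothing about why the server answered 403.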

Issue History

Date Modified Username Field Change
2025-09-23 12:26 sebasjm New Issue
2025-09-23 12:26 sebasjm Status new => assigned
2025-09-23 12:26 sebasjm Assigned To => Antoine A
2025-09-23 13:11 sebasjm Relationship added related to 0010250
2025-09-23 13:45 Antoine A Note Added: 0025987
2025-09-23 13:53 sebasjm Note Added: 0025988