buttons not working in mounted mode

[bonesoul]

i have mounted agendash to my own application -- it can render stuff all good but i can't reschedule jobs using them as the buttons are not working.

[vziukas]

Check if 0.3.2 version helps with your issue

[bonesoul]

still no luck;

Failed to load resource: the server responded with a status of 403 (Forbidden)

[simison]

Same issue here, none of the buttons work when we run:

$(npm bin)/agendash --db=mongodb://localhost/databasename --collection=agendaJobs --port=1081

• Agendash 0.3.2
• Agenda 0.9.0
• MongoDB 3.2.3
• NodeJS 6.3.1

It shows jobs correctly, though.

To test, just clone our repo:

git clone https://github.com/Trustroots/trustroots.git
cd trustroots
npm install
npm start

Open http://localhost:1081

When clicking "Requeue selected" (or anything else), I get:

Request URL:http://localhost:1081/api/jobs/requeue
Request Method:POST
Status Code:404 Not Found
Remote Address:[::1]:1081

And at terminal:

/PROJCET/node_modules/agenda/node_modules/mongodb/lib/utils.js:98
    process.nextTick(function() { throw err; });
                                  ^

Error: Can't set headers after they are sent.
    at ServerResponse.OutgoingMessage.setHeader (_http_outgoing.js:346:11)
    at ServerResponse.header (/PROJCET/node_modules/express/lib/response.js:719:10)
    at ServerResponse.send (/PROJCET/node_modules/express/lib/response.js:164:12)
    at ServerResponse.json (/PROJCET/node_modules/express/lib/response.js:250:15)
    at /PROJCET/node_modules/agendash/lib/middlewares/express.js:28:18
    at /PROJCET/node_modules/agendash/lib/agendash.js:69:9
    at /PROJCET/node_modules/agenda/lib/agenda.js:320:7
    at /PROJCET/node_modules/agenda/node_modules/mongodb/lib/collection.js:1159:32
    at handleCallback (/PROJCET/node_modules/agenda/node_modules/mongodb/lib/utils.js:96:12)
    at /PROJCET/node_modules/agenda/node_modules/mongodb/lib/collection.js:1191:20

[bonesoul]

0.4.0 here

Failed to load resource: the server responded with a status of 403 (Forbidden) /api/jobs/requeue

The thing is that i use agendash as mounted. could be related?

[joeframbach]

What version of express are you mounting onto?

On Oct 28, 2016 5:21 AM, "Hüseyin Uslu" notifications@github.com wrote:

0.4.0 here

Failed to load resource: the server responded with a status of 403
(Forbidden) /api/jobs/requeue

The thing is that i use agendash as mounted. could be related?

—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
#23 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAB7-IeurbAcL7HD5IuiV8tn4PxDXM4Oks5q4ejPgaJpZM4IbeGF
.

[bonesoul]

latest express 4

"express": "^4.14.0",

[joeframbach]

Does your express app respond to other endpoints? If your express app already has routes like /about, /profile, etc, then attaching Agendash to the root / path might coincide with those other paths.

Where you mount Agendash onto Express like this: app.use('/', Agendash(agenda)), instead use a path prefix that is not used elsewhere, like this: app.use('/dash', Agendash(agenda)).

I have a PR for an update to the readme: #43

[bonesoul]

It's already mounted so for me on a unique path.

[joeframbach]

The error message says /api/jobs/requeue is forbidden, but you have it
mounted on a unique path, so the expected request should go to
/yourPath/api/jobs/requeue. There may be a broken path.join somewhere, or
your path prefix not being set. I can't reproduce this issue but I will
take a look and see what I can find.

On Oct 29, 2016 5:55 AM, "Hüseyin Uslu" notifications@github.com wrote:

It's already mounted so for me on a unique path.

—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
#23 (comment),
or mute the thread
https://github.com/notifications/unsubscribe-auth/AAB7-PO4mlknhSyZAHQRIu46c4nofPwBks5q40I6gaJpZM4IbeGF
.

[yangchristian]

Are you by chance using any CSRF middleware, like csurf? We just ran into this issue on our app, and it seems like Express will require a CSRF token for the mounted agendash paths, but agendash itself won't know to use the middleware. We ended up disabling CSRF protection for the agendash endpoints, but you could also probably reuse the middleware for agendash's Express app. Something like this:

var csrf = require('csurf');
var csrfProtection = csrf({ cookie: true });

// Your app
var myApp = express();
app.use(csrfProtection);

// Agendash app
var agendashApp = Agendash(agenda);
agendashApp.use(csrfProtection);
app.use('/agendash', agendashApp);

[bonesoul]

@yangchristian yes i was actually using csurf - how to disable it for agendash?

[yangchristian]

Not sure how you're using csurf, but we're using a middleware wrapper that applies protection based on the route. It's something like this (rewritten from our TypeScript so may not compile directly):

var csrfFreeRoutes = [
  new RegExp('^/agendash/api/'), // Whatever your mounted path is
  // new RegExp('^/otherRoutes')
];
function isCsrfFree(path) {
  return !!_.find(csrfFreeRoutes, function(regex) {
    return !!regex.test(path);
  });
}
app.use( function(req, res, next) {
  if (isCsrfFree(req.path)) {
    csrf({ cookie: true })(req,res,next);
  } else {
    next();
  }
});

[koresar]

This is a stale issue. Such bug do not exist (as far as I can see) in the latest Agendash v2