SonarLint plugin version: Latest one installed on 15-July-2023 (just less than a week ago)
Programming language you’re coding in: PHP
Is connected mode used: Yes
Connected to SonarCloud or SonarQube (and which version):
SonarQube 9.9 community edition
And a thorough description of the problem / question:
SonarLint is connected with SonarQube server and project is binded.
Getting this error “Unable to connect to your IDE to open Security Hotspot, please make sure you are running the latest version of SonarLine” on clicking “Open in IDE”
I checked with the latest SonarLint for VSCode and SonarQube 9.9. It works on my side, so it’s something doesn’t work as expected on your machine.
First I’ll mention that Open in IDE feature relies on local HTTP requests. So both - browser with an open SonarQube page and IDE with SonarLint should be on the same machine. If it’s the case, this is the communication problem between the browser and SonarLint.
This may be a bit involved to troubleshoot, but let’s try. It will require some basic knowledge of Browser Dev Tools.
Steps to check:
Do you see in your SonarLint output the following line? Started embedded server on port 64122
The port number may be a bit different, but words are always exactly like above.
If you click on Open in IDE button on SonarQube page, do you see the dropdown list like this one?
Please open Network tab of Browser Dev Tools. When you click on Open in IDE button, or click on one of the items in the list above (if you have this list), you should see in Dev Tools the GET request to URL similar to the following: http://localhost:64122/sonarlint/api/hotspots/show?server=http%3A%2F%2Flocalhost%3A9000&project=java-demo&hotspot=AYgGGbjDRWsnVXUxf3J2
Again port and parameter values will be different, but the overall structure should be like above.
If you see the request please check what is the response code if it’s not 200.
If the request is there and the response code is 200, please look at the SonarLint output again and check if there is any error message or stack trace.
As I said it’s a bit involved, so it’s up to you to decide if you want to do it. But by performing all these actions you should collect enough data for us to understand what exactly is not working right.
Thanks for the details, I have tried integration of sonarqube and sonarlint in same machine which worked perfectly, when I tried to integrate with SonarQube that was hosted in EC2 instance, it gives error. So, it seems that’s the issue here, right?
SonarQube server can be hosted everywhere. It’s important to open the SonarQube web interface in the browser from the same machine where you have SonarLint. It’s the browser that sends requests to SonarLint in this case, not the SonarQube server.
Got it. Thanks for clarification. Sonarqube web interface and IDE are in same machine, I shall troubleshoot using the step you’ve provided and let you know.
If your question is about SonarLint in the IntelliJ Platform, VS Code, Visual Studio, or Eclipse, please post it in that sub-category.
Otherwise, please provide:
Operating system: Windows 11
IDE name and flavor/env:
VSCode latest
And a thorough description of the problem / question:
Getting below error while clicking open in IDE, Network tab in the console shows
"Access to fetch at ‘http://localhost:64120/sonarlint/api/status’ from origin ‘http://’ has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space local.
The error resembles CORS error as the sonarqube is hostein in a different location not the local host, same error was not happened when both sonarqube was in localhost,
Hello,
Just to double-check. Is this topic created by you?
I don’t see any screenshots here, and that topic looks related. But it was created by another user.
Thank you, btw did you get a chance to check the console error screenshot. The error says “… CORS Policy: The request to the client is not a secure”, does that mean the request was blocked as the server is running as HTTP instead of HTTPS?
I am attaching another screenshot which I missed to add which can help as well
As part of the Private Network Access specification from Chrome (previously CORS-RFC1918), any request made from a non-secure public website to a private network (localhost included) will be blocked.
This should be mitigated if your SonarQube server runs with HTTPS instead of HTTP.
On our side, we will also work on mitigating this issue so that, during the CORS preflight requests, we specifically indicate that the resource can be safely shared with external networks.
I wanted to follow up to say that our internal demo today included sharing that the CORS policy has been dropped & the change checked in for 10.7! I’m sorry it’s taken so long.
