[Keep-web] Support CORS requests with Range headers
|Assignee:||Tom Clegg||% Done:|
|Target version:||2017-04-26 sprint|
|Story points||-||Remaining (hours)||0.00 hour|
|Velocity based estimate||-|
The Workbench log viewer uses an ajax request to retrieve log data. It uses the POST method so it can include the api_token in the body. If the log is larger than the configured limit (
log_viewer_max_bytes), it also adds a Range header.
Range is not a "safe" header for CORS, so the browser performs a pre-flight OPTIONS request, to which keep-web responds 405, so the request fails.
Solution¶keep-web should respond to OPTIONS requests with 200 status and CORS headers:
- Access-Control-Allow-Origin: *
- Access-Control-Max-Age: 86400
- Access-Control-Allow-Headers: Range
- Access-Control-Allow-Methods: GET, POST