Project

General

Profile

Actions
Copy link

Bug #11509

closed

[Keep-web] Support CORS requests with Range headers

Added by Tom Clegg about 7 years ago. Updated about 7 years ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Tom Clegg
Category:
Keep
Target version:
2017-04-26 sprint
Story points:
-

Description

Background

The Workbench log viewer uses an ajax request to retrieve log data. It uses the POST method so it can include the api_token in the body. If the log is larger than the configured limit (log_viewer_max_bytes), it also adds a Range header.

Problem

Range is not a "safe" header for CORS, so the browser performs a pre-flight OPTIONS request, to which keep-web responds 405, so the request fails.

Solution

keep-web should respond to OPTIONS requests with 200 status and CORS headers:
  • Access-Control-Allow-Origin: *
  • Access-Control-Max-Age: 86400
  • Access-Control-Allow-Headers: Range
  • Access-Control-Allow-Methods: GET, POST

Subtasks 1 (0 open1 closed)

Task #11512: Review 11509-keep-web-cors-rangeResolvedTom Clegg04/17/2017Actions

Related issues

Related to Arvados - Idea #11065: [API] Delete rows from logs table when they exceed a configured thresholdResolvedTom Clegg03/23/2017Actions
Actions
Copy link

Also available in: Atom PDF