Bug #15936
closed[keep-web] document single-origin collections behavior
Description
Workbench2 is making a PROPFIND request which is failing, here's the keep-web log:
{ "RequestID": "req-z655yiv6e6hz5wx8ey5s", "level": "info", "msg": "response", "remoteAddr": "127.0.0.1:36912", "reqBytes": 0, "reqForwardedFor": "108.7.59.164", "reqHost": "collections.ce8i5.arvadosapi.com", "reqMethod": "PROPFIND", "reqPath": "c=ce8i5-4zz18-tnb40vgk9em05h4", "reqQuery": "", "respBody": "", "respBytes": 0, "respStatus": "Not Found", "respStatusCode": 404, "time": "2019-12-16T20:49:20.099508402Z", "timeToStatus": 0.013435, "timeTotal": 0.01344, "timeWriteBody": 5e-06 }
Updated by Peter Amstutz about 5 years ago
- Status changed from New to In Progress
Updated by Peter Amstutz about 5 years ago
- Target version changed from 2020-01-02 Sprint to 2020-01-15 Sprint
Updated by Peter Amstutz about 5 years ago
- Status changed from In Progress to New
- Description updated (diff)
Updated by Tom Clegg about 5 years ago
Is ce8i5-4zz18-tnb40vgk9em05h4 readable using the same token? I'm not sure what behavior you were expecting here...
Updated by Peter Amstutz about 5 years ago
Tom Clegg wrote:
Is ce8i5-4zz18-tnb40vgk9em05h4 readable using the same token? I'm not sure what behavior you were expecting here...
Yes, it is readable by that token.
I was expecting successful PROPFIND response, or an error being logged to explain what aspect of the configuration is preventing it from returning a response.
This works:
curl -v -X PROPFIND https://collections.ce8i5.arvadosapi.com/c=ce8i5-4zz18-tnb40vgk9em05h4/t=zzzzzzzzzzzzzzzzzzzzzzzzzzzzz
This doesn't work:
curl -v -H "Authorization: Bearer zzzzzzzzzzzzzzzzzzzzzzzzzzzzz" -X PROPFIND https://collections.ce8i5.arvadosapi.com/c=ce8i5-4zz18-tnb40vgk9em05h4
This works:
curl -v -H "Authorization: Bearer zzzzzzzzzzzzzzzzzzzzzzzzzzzzz" -X PROPFIND https://download.ce8i5.arvadosapi.com/c=ce8i5-4zz18-tnb40vgk9em05h4
Since these are different virtual hosts of the same keep-web instance, this seems related to the security policies of WebDAV vs WebDAVDownload endpoints.
This is with the following services configuration:
WebDAV: ExternalURL: https://collections.ce8i5.arvadosapi.com/ InternalURLs: "http://localhost:9002": {} WebDAVDownload: ExternalURL: https://download.ce8i5.arvadosapi.com
Updated by Tom Clegg about 5 years ago
The docs say "if you don't have a wildcard DNS entry, then just use https://collections.* and https://download.* as WebDAV and WebDAVDownload URLs; keep-web will treat both as downloads."
In reality, with this config, keep-web doesn't force a download -- it just ignores your credentials (so it only serves anonymously-accessible content) at https://collections.*. This seems like a useful behavior so I'm thinking we should fix the documentation to match the behavior (and make WB2 aware of it), rather than change the behavior to match the docs. Or, a third "inline content, but no auth" endpoint might be better -- that way the config you have now could be flagged as an error, which would be much more sysadmin-friendly.
If you don't configure a WebDAV (non-download) URL at all, Workbench1 does the right thing: it always links to the WebDAVDownload URL, and indicates to the user that preview isn't possible.
I think you get the behavior described in the docs ("everything is a download") if you use the same ExternalURL for both WebDAV and WebDAVDownload, although a WB1 user might be surprised that both "preview" and "download" links result in a download.
IDK whether WB2 tries to predict whether preview is possible.
Updated by Peter Amstutz about 5 years ago
- Target version changed from 2020-01-15 Sprint to 2020-01-02 Sprint
- Status changed from New to In Progress
- Subject changed from keep-web PROPFIND 404 to [keep-web] document single-origin collections behavior
Updated by Peter Amstutz about 5 years ago
- Assigned To set to Peter Amstutz
- Subject changed from [keep-web] document single-origin collections behavior to [keep-web] document single-origin collections behavior
Updated by Peter Amstutz almost 5 years ago
- Status changed from In Progress to Resolved