Project

General

Profile

Actions
Copy link

Bug #20647

closed

container_request/.../logs endpoint needs to handle CORS preflight (unauthenticated OPTIONS) requests

Added by Tom Clegg 11 months ago. Updated 9 months ago.

Status:
Resolved
Priority:
Normal
Assigned To:
Tom Clegg
Category:
Crunch
Target version:
Development 2023-06-21 sprint
Story points:
1.0
Release:
Arvados 2.7.0
Release relationship:
Auto

Description

The controller endpoint currently handles authenticated OPTIONS requests, which webdav clients use to discover which webdav methods are supported.

It also needs to handle CORS preflight requests (unauthenticated OPTIONS requests). Responses do not need to include the DAV headers. This is how keep-web does it:

        if method := r.Header.Get("Access-Control-Request-Method"); method != "" && r.Method == "OPTIONS" {
                if !browserMethod[method] && !webdavMethod[method] {
                        w.WriteHeader(http.StatusMethodNotAllowed)
                        return
                }
                w.Header().Set("Access-Control-Allow-Headers", corsAllowHeadersHeader)
                w.Header().Set("Access-Control-Allow-Methods", "COPY, DELETE, GET, LOCK, MKCOL, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, PUT, RMCOL, UNLOCK")
                w.Header().Set("Access-Control-Allow-Origin", "*")
                w.Header().Set("Access-Control-Max-Age", "86400")
                return
        }

Subtasks 1 (0 open1 closed)

Task #20648: Review 20647-cr-logs-preflightResolvedTom Clegg06/16/2023Actions

Related issues

Blocks Arvados - Feature #20219: Log panel on container view fetches live logs using periodic range request on new container log endpointResolvedStephen Smith07/28/2023Actions
Actions
Copy link

Also available in: Atom PDF