https://dev.arvados.org/https://dev.arvados.org/favicon.ico?15576888422015-02-09T18:09:05ZArvadosArvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=209852015-02-09T18:09:05ZPeter Amstutzpeter.amstutz@curii.com
<ul></ul><p>Using arvados-python-client-0.1.20141016164709.8297039 ("latest" via pip at this time)</p>
<p>Possibly related?</p>
<pre>
$ arv-put stuff.rtf
0M / 0M 0.0% 2015-02-09 13:07:44 arvados.keep[1866] DEBUG: ['https://[keep.qr1hi.arvadosapi.com]:443/']
2015-02-09 13:07:44 arvados.keep[1866] DEBUG: ['https://[keep.qr1hi.arvadosapi.com]:443/']
2015-02-09 13:07:44 arvados.keep[1866] DEBUG: KeepWriterThread <KeepWriterThread(Thread-1, started 4624592896)> proceeding a23356ce7051569a2427f55ed78cc176 https://[keep.qr1hi.arvadosapi.com]:443/
2015-02-09 13:07:44 arvados.keep[1866] DEBUG: Request: PUT https://[keep.qr1hi.arvadosapi.com]:443/a23356ce7051569a2427f55ed78cc176
2015-02-09 13:07:44 arvados.keep[1866] DEBUG: Request fail: PUT a23356ce7051569a2427f55ed78cc176 => 503 <html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body bgcolor="white">
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.6.2</center>
</body>
</html>
2015-02-09 13:07:48 arvados.keep[1866] DEBUG: ['https://[keep.qr1hi.arvadosapi.com]:443/']
2015-02-09 13:07:48 arvados.keep[1866] DEBUG: ['https://[keep.qr1hi.arvadosapi.com]:443/']
2015-02-09 13:07:48 arvados.keep[1866] DEBUG: KeepWriterThread <KeepWriterThread(Thread-2, started 4624592896)> proceeding a23356ce7051569a2427f55ed78cc176 https://[keep.qr1hi.arvadosapi.com]:443/
2015-02-09 13:07:48 arvados.keep[1866] DEBUG: Request: PUT https://[keep.qr1hi.arvadosapi.com]:443/a23356ce7051569a2427f55ed78cc176
2015-02-09 13:07:48 arvados.keep[1866] DEBUG: Request fail: PUT a23356ce7051569a2427f55ed78cc176 => 503 <html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body bgcolor="white">
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.6.2</center>
</body>
</html>
2015-02-09 13:07:56 arvados.keep[1866] DEBUG: ['https://[keep.qr1hi.arvadosapi.com]:443/']
2015-02-09 13:07:56 arvados.keep[1866] DEBUG: ['https://[keep.qr1hi.arvadosapi.com]:443/']
2015-02-09 13:07:56 arvados.keep[1866] DEBUG: KeepWriterThread <KeepWriterThread(Thread-3, started 4624592896)> proceeding a23356ce7051569a2427f55ed78cc176 https://[keep.qr1hi.arvadosapi.com]:443/
2015-02-09 13:07:56 arvados.keep[1866] DEBUG: Request: PUT https://[keep.qr1hi.arvadosapi.com]:443/a23356ce7051569a2427f55ed78cc176
2015-02-09 13:07:56 arvados.keep[1866] DEBUG: Request fail: PUT a23356ce7051569a2427f55ed78cc176 => 503 <html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body bgcolor="white">
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.6.2</center>
</body>
</html>
2015-02-09 13:08:12 arvados.keep[1866] DEBUG: ['https://[keep.qr1hi.arvadosapi.com]:443/']
2015-02-09 13:08:12 arvados.keep[1866] DEBUG: ['https://[keep.qr1hi.arvadosapi.com]:443/']
2015-02-09 13:08:12 arvados.keep[1866] DEBUG: KeepWriterThread <KeepWriterThread(Thread-4, started 4624592896)> proceeding a23356ce7051569a2427f55ed78cc176 https://[keep.qr1hi.arvadosapi.com]:443/
2015-02-09 13:08:12 arvados.keep[1866] DEBUG: Request: PUT https://[keep.qr1hi.arvadosapi.com]:443/a23356ce7051569a2427f55ed78cc176
2015-02-09 13:08:12 arvados.keep[1866] DEBUG: Request fail: PUT a23356ce7051569a2427f55ed78cc176 => 503 <html>
<head><title>503 Service Temporarily Unavailable</title></head>
<body bgcolor="white">
<center><h1>503 Service Temporarily Unavailable</h1></center>
<hr><center>nginx/1.6.2</center>
</body>
</html>
Traceback (most recent call last):
File "/usr/local/bin/arv-put", line 4, in <module>
main()
File "/Library/Python/2.7/site-packages/arvados/commands/put.py", line 443, in main
writer.finish_current_stream()
File "/Library/Python/2.7/site-packages/arvados/collection.py", line 401, in finish_current_stream
self.flush_data()
File "/Library/Python/2.7/site-packages/arvados/commands/put.py", line 291, in flush_data
super(ArvPutCollectionWriter, self).flush_data()
File "/Library/Python/2.7/site-packages/arvados/collection.py", line 352, in flush_data
self._my_keep().put(data_buffer[0:self.KEEP_BLOCK_SIZE]))
File "/Library/Python/2.7/site-packages/arvados/retry.py", line 157, in num_retries_setter
return orig_func(self, *args, **kwargs)
File "/Library/Python/2.7/site-packages/arvados/keep.py", line 708, in put
(data_hash, copies, thread_limiter.done()))
arvados.errors.KeepWriteError: Write fail for a23356ce7051569a2427f55ed78cc176: wanted 2 but wrote 0
</pre> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=209862015-02-09T18:12:29ZPeter Amstutzpeter.amstutz@curii.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/20986/diff?detail_id=20082">diff</a>)</li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=209902015-02-09T19:49:40ZWard Vandewegeward@curii.com
<ul></ul><p>We're hitting the keepproxy connection limit. We need better error reporting.</p> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=210472015-02-11T01:13:37ZWard Vandewegeward@curii.com
<ul><li><strong>Subject</strong> changed from <i>CORS error uploading via browser</i> to <i>CORS error uploading via browser - better JS error handling needed</i></li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=210482015-02-11T01:13:46ZWard Vandewegeward@curii.com
<ul><li><strong>Subject</strong> changed from <i>CORS error uploading via browser - better JS error handling needed</i> to <i>[Workbench] CORS error uploading via browser - better JS error handling needed</i></li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=214282015-02-18T20:59:44ZWard Vandewegeward@curii.com
<ul><li><strong>Target version</strong> changed from <i>Bug Triage</i> to <i>2015-03-11 sprint</i></li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=214382015-02-18T21:07:04ZTom Cleggtom@curii.com
<ul><li><strong>Category</strong> set to <i>Workbench</i></li><li><strong>Assigned To</strong> set to <i>Tom Clegg</i></li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=214412015-02-18T21:08:54ZWard Vandewegeward@curii.com
<ul><li><strong>Description</strong> updated (<a title="View differences" href="/journals/21441/diff?detail_id=20565">diff</a>)</li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=214542015-02-18T21:27:08ZWard Vandewegeward@curii.com
<ul><li><strong>Story points</strong> set to <i>0.5</i></li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=221252015-03-10T14:11:14ZTom Cleggtom@curii.com
<ul><li><strong>File</strong> <a href="/attachments/503">5182-network-error.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/503/5182-network-error.png">5182-network-error.png</a> added</li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=221262015-03-10T14:32:21ZTom Cleggtom@curii.com
<ul><li><strong>File</strong> <a href="/attachments/504">5182-mixed-content-error.png</a> <a class="icon-only icon-download" title="Download" href="/attachments/download/504/5182-mixed-content-error.png">5182-mixed-content-error.png</a> added</li></ul><p>Three improvements in 5182-cors-error-reporting:</p>
<ul>
<li>By design, browsers make the "CORS headers do not permit this request" error indistinguishable from "network error during cross-origin request": i.e., since no CORS headers explicitly permitted the request, the JS program is not allowed to know anything about what happened. We now have a generic "check your console" message for this case, instead of just "error:" like before.</li>
</ul>
<blockquote>
<p><img src="https://dev.arvados.org/attachments/download/503/5182-network-error.png" alt="" /></p>
</blockquote>
<ul>
<li>If the keep proxy is <a class="external" href="http:// but">http:// but</a> Workbench is <a class="external" href="https://,">https://,</a> Workbench JS won't be allowed to connect to the keep proxy. (In Chrome in my dev setup, neither done() <em>nor</em> fail() handler gets called for such a request, which makes it awkward to detect -- fortunately it's easy enough to <em>predict</em> based on the URIs.) We now catch this condition before even bothering to attempt a Keep request:</li>
</ul>
<blockquote>
<p><img src="https://dev.arvados.org/attachments/download/504/5182-mixed-content-error.png" alt="" /></p>
</blockquote>
<ul>
<li>If the keep proxy is itself behind a web proxy like nginx, and the web proxy has trouble connecting to keep proxy (as is the case for this bug report), the web proxy will likely provide a useful error message -- but the browser will avoid passing it to Workbench JS if the web proxy doesn't send CORS headers. Recent versions of nginx have an <code>"add_header ... always"</code> feature that can add CORS headers to error responses. The <a href="http://doc.arvados.org/install/install-keepproxy.html" class="external">keepproxy install page</a> has been updated accordingly. <a class="changeset" title="5182: Advise adding CORS headers to proxy error responses." href="https://dev.arvados.org/projects/arvados/repository/arvados/revisions/4d71b77be419a60d8dd64d16ebeb4b83be5cb97d">4d71b77</a></li>
</ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=221272015-03-10T15:12:00ZTom Cleggtom@curii.com
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>In Progress</i></li></ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=221342015-03-10T16:44:50ZRadhika Chippadaradhika@curoverse.com
<ul></ul><p>Review comments:</p>
<p>Just a couple minor text suggestions.</p>
<ul>
<li>This error message seems too technical: “A network error occurred, or there is a CORS configuration problem”. A typical user may not know what CORS configuration is. Can we say something like: “A network error occurred. The server may be unreachable or this could be a resource sharing issue due to CORS configuration on the server. Please check your browser debug console for a more specific error message (browser security features prevent us from showing the details here).” I think it does not hurt to make the word “CORS” to link to CORS wiki page?</li>
</ul>
<ul>
<li>Can we make this error message also a bit easier to understand? —— “server setup problem …” - Can we say something like “Mixed content error. Proxy <strong>http</strong>://… cannot be accessed from origin <strong>https</strong>://… (highlight http and https?)</li>
</ul>
<ul>
<li>Documentation “add_header 'Access-Control-Allow-Origin' '*' always” : Can you add an example url instead of “*” here.</li>
</ul> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=221512015-03-10T19:44:15ZTom Cleggtom@curii.com
<ul></ul><p>Radhika Chippada wrote:</p>
<blockquote>
<p>Review comments:</p>
<p>Just a couple minor text suggestions.</p>
<ul>
<li>This error message seems too technical: “A network error occurred, or there is a CORS configuration problem”. A typical user may not know what CORS configuration is. Can we say something like: “A network error occurred. The server may be unreachable or this could be a resource sharing issue due to CORS configuration on the server. Please check your browser debug console for a more specific error message (browser security features prevent us from showing the details here).” I think it does not hurt to make the word “CORS” to link to CORS wiki page?</li>
</ul>
</blockquote>
<p>Agreed, the word CORS is probably useless to the user. It's a bit of a wild guess anyway: even in <em>this</em> bug report CORS made it harder to see what the real server problem was, but no amount of CORS perfection would have made the upload actually work. Changed to:</p>
<p>A network error occurred: either the server was unreachable, or there is a server configuration problem. Please check [...]</p>
<blockquote>
<ul>
<li>Can we make this error message also a bit easier to understand? —— “server setup problem …” - Can we say something like “Mixed content error. Proxy <strong>http</strong>://… cannot be accessed from origin <strong>https</strong>://… (highlight http and https?)</li>
</ul>
</blockquote>
<p>Putting html markup on http/https seems to creep quickly into explicit tracking of trusted/untrusted strings throughout all of our status reporting, which doesn't seem worth it. Instead I changed the message to:</p>
There is a server configuration problem. Proxy http://foobar:12345/ cannot be used from origin https://foobar:3031 due to the browser's mixed-content (https/http) policy.
<p>I suppose the most important idea to convey is that it's a server/sysadmin problem, and can't be fixed on the client side. Hopefully "mixed-content (https/http)" is a good enough clue for the sysadmin to check the schemes in the URIs...</p>
<blockquote>
<ul>
<li>Documentation “add_header 'Access-Control-Allow-Origin' '*' always” : Can you add an example url instead of “*” here.</li>
</ul>
</blockquote>
<p>The literal string <code>*</code> is what the header should say. I'm guessing you're guessing it's supposed to be replaced with something? ([How] should I make it clearer that it's supposed to be left just like that?)</p>
<p>Now at <a class="changeset" title="5182: Tweak error messages." href="https://dev.arvados.org/projects/arvados/repository/arvados/revisions/fc79e9d9109f84dd1c9851fd231d7d333914b54e">fc79e9d</a></p> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=221562015-03-10T20:02:44ZRadhika Chippadaradhika@curoverse.com
<ul></ul><p>Tom,</p>
<ul>
<li>The error message are SO MUCH better now. They are quite readable and helpful now. Thanks.</li>
</ul>
<ul>
<li>Regarding "add_header 'Access-Control-Allow-Origin' '*' always": On second thought, yes you are right; it should be "*" or whatever the site admin wants to limit it to.</li>
</ul>
<p>Thanks.</p>
<p>LGTM</p> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=221602015-03-10T20:10:09ZAnonymous
<ul><li><strong>Status</strong> changed from <i>In Progress</i> to <i>Resolved</i></li></ul><p>Applied in changeset arvados|commit:855a790d7be3ff345f04226bde3719fb90e6d9a5.</p> Arvados - Bug #5182: [Workbench] CORS error uploading via browser - better JS error handling neededhttps://dev.arvados.org/issues/5182?journal_id=633092018-06-08T17:35:42ZTom Morristfmorris@veritasgenetics.com
<ul><li><strong>Related to</strong> <i><a class="issue tracker-1 status-1 priority-4 priority-default" href="/issues/13564">Bug #13564</a>: [Workbench] Uploader should have a timeout</i> added</li></ul>