Project

General

Profile

Actions

Feature #8064

open

[Keep-web] Support CORS requests with Authorization headers

Added by Tom Clegg over 8 years ago. Updated 27 days ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Keep
Target version:
Story points:
0.5
Release:
Release relationship:
Auto

Description

Background

In #7884 we needed to add minimal CORS support to keep-web (allowing simple requests that don't need pre-flight) in order to let the Workbench log viewer retrieve log data from keep-web.

However, supplying an API token in an Authorization header (where it rightfully belongs) makes it a non-simple request requiring preflight. The workaround was to do a POST request with the token supplied in a form in the request body.

Implementation

Proper CORS support includes:
  • Respond to OPTIONS requests (Allow: GET, POST) adding appropriate CORS headers (allow-methods "GET, POST"; allow-origin "*"; allow-headers "Authorization, Range", max-age 86400) if the Origin request header is present.
  • Add appropriate CORS headers to GET and POST requests if the Origin request header is set (allow-origin "*"; max-age 86400; expose-headers "Accept-Ranges, Content-Disposition, Content-Length, Content-Range")

This should allow Workbench to do a GET request with an Authorization header, instead of a POST request with a form. The special case in keep-web (responding to a POST request without a redirect if the Origin request header is present) won't be needed for Workbench any more, but should probably still be supported so other clients have more options at their disposal.


Related issues

Related to Arvados - Bug #7884: [Workbench] log viewer does not handle "redirect to keep-web" responseResolvedTom Clegg12/01/2015Actions
Actions #1

Updated by Tom Morris about 5 years ago

  • Target version set to Arvados Future Sprints
Actions #2

Updated by Tom Morris about 5 years ago

  • Target version changed from Arvados Future Sprints to To Be Groomed
Actions #3

Updated by Tom Morris about 5 years ago

  • Target version changed from To Be Groomed to Arvados Future Sprints
Actions #4

Updated by Peter Amstutz over 2 years ago

  • Target version deleted (Arvados Future Sprints)
Actions #5

Updated by Peter Amstutz about 1 year ago

  • Release set to 60
Actions #6

Updated by Peter Amstutz 27 days ago

  • Target version set to Future
Actions

Also available in: Atom PDF