Bug #11509
closed
[Keep-web] Support CORS requests with Range headers
100%
Description
Background¶
The Workbench log viewer uses an ajax request to retrieve log data. It uses the POST method so it can include the api_token in the body. If the log is larger than the configured limit (log_viewer_max_bytes), it also adds a Range header.
Problem¶
Range is not a "safe" header for CORS, so the browser performs a pre-flight OPTIONS request, to which keep-web responds 405, so the request fails.
Solution¶
keep-web should respond to OPTIONS requests with 200 status and CORS headers:- Access-Control-Allow-Origin: *
- Access-Control-Max-Age: 86400
- Access-Control-Allow-Headers: Range
- Access-Control-Allow-Methods: GET, POST
Updated by Tom Clegg over 7 years ago
11509-keep-web-cors-range @ cf311e8e16ba74467c77b5353afedc29b40a6a41
Updated by Radhika Chippada over 7 years ago
Just a nit about the TestCORSPreflight. It would be nice to add a comment for each block doing "h.ServeHTTP(resp, req)" the intent and expectation. Also, might be nice to have another block with GET method.
LGTM
Updated by Tom Clegg over 7 years ago
- Status changed from In Progress to Resolved
Applied in changeset arvados|commit:e3ac17f8a8aa439e21a8bf56a571f91a671313f7.
Updated by Tom Morris over 5 years ago
- Related to Story #11065: [API] Delete rows from logs table when they exceed a configured threshold added