Project

General

Profile

Actions

Feature #8064

open

[Keep-web] Support CORS requests with Authorization headers

Added by Tom Clegg about 9 years ago. Updated over 3 years ago.

Status:
New
Priority:
Normal
Assigned To:
-
Category:
Keep
Target version:
-
Start date:
12/18/2015
Due date:
% Done:

0%

Estimated time:
Story points:
0.5

Description

Background

In #7884 we needed to add minimal CORS support to keep-web (allowing simple requests that don't need pre-flight) in order to let the Workbench log viewer retrieve log data from keep-web.

However, supplying an API token in an Authorization header (where it rightfully belongs) makes it a non-simple request requiring preflight. The workaround was to do a POST request with the token supplied in a form in the request body.

Implementation

Proper CORS support includes:
  • Respond to OPTIONS requests (Allow: GET, POST) adding appropriate CORS headers (allow-methods "GET, POST"; allow-origin "*"; allow-headers "Authorization, Range", max-age 86400) if the Origin request header is present.
  • Add appropriate CORS headers to GET and POST requests if the Origin request header is set (allow-origin "*"; max-age 86400; expose-headers "Accept-Ranges, Content-Disposition, Content-Length, Content-Range")

This should allow Workbench to do a GET request with an Authorization header, instead of a POST request with a form. The special case in keep-web (responding to a POST request without a redirect if the Origin request header is present) won't be needed for Workbench any more, but should probably still be supported so other clients have more options at their disposal.


Related issues 1 (0 open1 closed)

Related to Arvados - Bug #7884: [Workbench] log viewer does not handle "redirect to keep-web" responseResolvedTom Clegg12/01/2015

Actions
Actions #1

Updated by Tom Morris almost 6 years ago

  • Target version set to Arvados Future Sprints
Actions #2

Updated by Tom Morris almost 6 years ago

  • Target version changed from Arvados Future Sprints to To Be Groomed
Actions #3

Updated by Tom Morris almost 6 years ago

  • Target version changed from To Be Groomed to Arvados Future Sprints
Actions #4

Updated by Peter Amstutz over 3 years ago

  • Target version deleted (Arvados Future Sprints)
Actions

Also available in: Atom PDF