New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Getting started guide is broken #2657

Closed
florianvolle opened this Issue Aug 10, 2016 · 1 comment

Comments

Projects
None yet
4 participants
@florianvolle
Member

florianvolle commented Aug 10, 2016

When login in for the first time I get server disconnect notifications that refresh the page repeatedly. Going to e.g. search works fine but getting started guide seems to be broken in Firefox. Chrome seems to work.

Expected Behavior

Getting started guide should load

Current Behavior

Getting started guide does not load, instead I receive server disconnect notifications repeatedly

Steps to Reproduce (for bugs)

  1. Install graylog-2.1.0-beta.3-SNAPSHOT-20160810152728
  2. Use Firefox browser
  3. Login to your setup
  4. /gettingstartedguide is not loading

Your Environment

  • Graylog Version: graylog-2.1.0-beta.3-SNAPSHOT-20160810152728
  • Elasticsearch Version:
  • MongoDB Version:
  • Operating System:
  • Browser version: Firefox 47
@edmundoa

This comment has been minimized.

Member

edmundoa commented Aug 10, 2016

Looking a bit more into it, it seems that Firefox is not receiving the same responses as Chrome does in CORS requests going to a plugin resource (i.e. /plugins/org.graylog.plugins.usagestatistics/config).

I can see this error in the Firefox console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://172.16.20.6:12900/plugins/org.graylog.plugins.usagestatistics/opt-out. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Here are the request and response headers both FF and Chrome get when doing an OPTIONS request to /plugins/org.graylog.plugins.usagestatistics/config

Firefox

Request:

Host: 172.16.20.6:12900
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.8,de;q=0.6,es-ES;q=0.4,es;q=0.2
Accept-Encoding: gzip, deflate
DNT: 1
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-requested-with
Origin: http://172.16.20.6:9000
Connection: keep-alive

Response headers:

Content-Length: 544
Content-Type: text/html
Date: Wed, 10 Aug 2016 17:09:06 GMT
X-Graylog-Node-ID: 8c7236a4-a202-48c5-a32d-7dec6171ae6b
X-UA-Compatible: IE=edge

Chrome

Request headers:

OPTIONS /plugins/org.graylog.plugins.usagestatistics/config HTTP/1.1
Host: 172.16.20.6:12900
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://172.16.20.6:9000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2825.0 Safari/537.36
Access-Control-Request-Headers: authorization, content-type, x-requested-with
Accept: */*
Referer: http://172.16.20.6:9000/gettingstarted
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

Response headers:

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://172.16.20.6:9000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 8c7236a4-a202-48c5-a32d-7dec6171ae6b
Date: Wed, 10 Aug 2016 17:08:32 GMT

@bernd bernd modified the milestone: 2.1.0 Aug 11, 2016

@dennisoelkers dennisoelkers self-assigned this Aug 11, 2016

dennisoelkers added a commit that referenced this issue Aug 11, 2016

Run WebAppNotFoundResponseFilter later and for GET requests only.
The WebAppNotFoundResponseFilter running before the CORSFilter causes
the latter to skip adding CORS headers for OPTIONS requests.

This change forces the CORSFilter to run before in the post phase,
so the CORS headers are added. It also skips the
WebAppNotFoundResponseFilter for non-get requests.

Fixes #2657

edmundoa added a commit that referenced this issue Aug 11, 2016

Run WebAppNotFoundResponseFilter later and for GET requests only. (#2664
)

* Run WebAppNotFoundResponseFilter later and for GET requests only.

The WebAppNotFoundResponseFilter running before the CORSFilter causes
the latter to skip adding CORS headers for OPTIONS requests.

This change forces the CORSFilter to run before in the post phase,
so the CORS headers are added. It also skips the
WebAppNotFoundResponseFilter for non-get requests.

Fixes #2657

* Also mocking http method in request context of tests.

* Adding test that POST requests do not trigger filter.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment