Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Getting started guide is broken #2657

Closed
florianpopp opened this issue Aug 10, 2016 · 1 comment
Closed

Getting started guide is broken #2657

florianpopp opened this issue Aug 10, 2016 · 1 comment
Assignees
Labels
Milestone

Comments

@florianpopp
Copy link
Member

@florianpopp florianpopp commented Aug 10, 2016

When login in for the first time I get server disconnect notifications that refresh the page repeatedly. Going to e.g. search works fine but getting started guide seems to be broken in Firefox. Chrome seems to work.

Expected Behavior

Getting started guide should load

Current Behavior

Getting started guide does not load, instead I receive server disconnect notifications repeatedly

Steps to Reproduce (for bugs)

  1. Install graylog-2.1.0-beta.3-SNAPSHOT-20160810152728
  2. Use Firefox browser
  3. Login to your setup
  4. /gettingstartedguide is not loading

Your Environment

  • Graylog Version: graylog-2.1.0-beta.3-SNAPSHOT-20160810152728
  • Elasticsearch Version:
  • MongoDB Version:
  • Operating System:
  • Browser version: Firefox 47
@edmundoa
Copy link
Member

@edmundoa edmundoa commented Aug 10, 2016

Looking a bit more into it, it seems that Firefox is not receiving the same responses as Chrome does in CORS requests going to a plugin resource (i.e. /plugins/org.graylog.plugins.usagestatistics/config).

I can see this error in the Firefox console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://172.16.20.6:12900/plugins/org.graylog.plugins.usagestatistics/opt-out. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

Here are the request and response headers both FF and Chrome get when doing an OPTIONS request to /plugins/org.graylog.plugins.usagestatistics/config

Firefox

Request:

Host: 172.16.20.6:12900
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:48.0) Gecko/20100101 Firefox/48.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-GB,en;q=0.8,de;q=0.6,es-ES;q=0.4,es;q=0.2
Accept-Encoding: gzip, deflate
DNT: 1
Access-Control-Request-Method: GET
Access-Control-Request-Headers: authorization,content-type,x-requested-with
Origin: http://172.16.20.6:9000
Connection: keep-alive

Response headers:

Content-Length: 544
Content-Type: text/html
Date: Wed, 10 Aug 2016 17:09:06 GMT
X-Graylog-Node-ID: 8c7236a4-a202-48c5-a32d-7dec6171ae6b
X-UA-Compatible: IE=edge

Chrome

Request headers:

OPTIONS /plugins/org.graylog.plugins.usagestatistics/config HTTP/1.1
Host: 172.16.20.6:12900
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://172.16.20.6:9000
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2825.0 Safari/537.36
Access-Control-Request-Headers: authorization, content-type, x-requested-with
Accept: */*
Referer: http://172.16.20.6:9000/gettingstarted
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en-US,en;q=0.8

Response headers:

HTTP/1.1 204 No Content
Access-Control-Allow-Origin: http://172.16.20.6:9000
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Authorization, Content-Type, X-Graylog-No-Session-Extension, X-Requested-With
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Max-Age: 600
X-Graylog-Node-ID: 8c7236a4-a202-48c5-a32d-7dec6171ae6b
Date: Wed, 10 Aug 2016 17:08:32 GMT
@bernd bernd modified the milestone: 2.1.0 Aug 11, 2016
@dennisoelkers dennisoelkers self-assigned this Aug 11, 2016
dennisoelkers added a commit that referenced this issue Aug 11, 2016
The WebAppNotFoundResponseFilter running before the CORSFilter causes
the latter to skip adding CORS headers for OPTIONS requests.

This change forces the CORSFilter to run before in the post phase,
so the CORS headers are added. It also skips the
WebAppNotFoundResponseFilter for non-get requests.

Fixes #2657
edmundoa added a commit that referenced this issue Aug 11, 2016
)

* Run WebAppNotFoundResponseFilter later and for GET requests only.

The WebAppNotFoundResponseFilter running before the CORSFilter causes
the latter to skip adding CORS headers for OPTIONS requests.

This change forces the CORSFilter to run before in the post phase,
so the CORS headers are added. It also skips the
WebAppNotFoundResponseFilter for non-get requests.

Fixes #2657

* Also mocking http method in request context of tests.

* Adding test that POST requests do not trigger filter.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

4 participants