Skip to content

Commit

Permalink
Solve last CORS issues about duplicated headers (#604)
Browse files Browse the repository at this point in the history
Fix: Solve last CORS errors raised cause by duplication of headers returned.
  • Loading branch information
nesitor authored and hoh committed Apr 26, 2024
1 parent 54680ba commit ab79b77
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 29 deletions.
4 changes: 3 additions & 1 deletion src/aleph/vm/orchestrator/resources.py
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,7 @@
from pydantic import BaseModel, Field

from aleph.vm.conf import settings
from aleph.vm.utils import cors_allow_all


class Period(BaseModel):
Expand Down Expand Up @@ -92,6 +93,7 @@ def get_machine_properties() -> MachineProperties:
)


@cors_allow_all
async def about_system_usage(_: web.Request):
"""Public endpoint to expose information about the system usage."""
period_start = datetime.now(timezone.utc).replace(second=0, microsecond=0)
Expand All @@ -116,7 +118,7 @@ async def about_system_usage(_: web.Request):
),
properties=get_machine_properties(),
)
return web.json_response(text=usage.json(exclude_none=True), headers={"Access-Control-Allow-Origin:": "*"})
return web.json_response(text=usage.json(exclude_none=True))


class Allocation(BaseModel):
Expand Down
13 changes: 0 additions & 13 deletions src/aleph/vm/orchestrator/supervisor.py
Original file line number Diff line number Diff line change
Expand Up @@ -69,19 +69,6 @@ async def server_version_middleware(
return resp


async def allow_cors_on_endpoint(request: web.Request):
"""Allow CORS on endpoints that VM owners use to control their machine."""
return web.Response(
status=200,
headers={
"Access-Control-Allow-Headers": "*",
"Access-Control-Allow-Methods": "*",
"Access-Control-Allow-Origin": "*",
"Allow": "POST",
},
)


async def http_not_found(request: web.Request):
"""Return a 404 error for unknown URLs."""
return web.HTTPNotFound()
Expand Down
18 changes: 5 additions & 13 deletions src/aleph/vm/orchestrator/views/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -214,13 +214,9 @@ async def status_check_fastapi(request: web.Request, vm_id: Optional[ItemHash] =
# "ipv6": await status.check_ipv6(session),
}

return web.json_response(
result, status=200 if all(result.values()) else 503, headers={"Access-Control-Allow-Origin": "*"}
)
return web.json_response(result, status=200 if all(result.values()) else 503)
except aiohttp.ServerDisconnectedError as error:
return web.json_response(
{"error": f"Server disconnected: {error}"}, status=503, headers={"Access-Control-Allow-Origin": "*"}
)
return web.json_response({"error": f"Server disconnected: {error}"}, status=503)


@cors_allow_all
Expand All @@ -246,7 +242,7 @@ async def status_check_host(request: web.Request):
},
}
result_status = 200 if all(result["ipv4"].values()) and all(result["ipv6"].values()) else 503
return web.json_response(result, status=result_status, headers={"Access-Control-Allow-Origin": "*"})
return web.json_response(result, status=result_status)


@cors_allow_all
Expand All @@ -260,7 +256,7 @@ async def status_check_ipv6(request: web.Request):
vm_ipv6 = False

result = {"host": await check_host_egress_ipv6(), "vm": vm_ipv6}
return web.json_response(result, headers={"Access-Control-Allow-Origin": "*"})
return web.json_response(result)


@cors_allow_all
Expand All @@ -283,7 +279,6 @@ async def status_check_version(request: web.Request):
return web.Response(
status=200,
text=f"Up-to-date: version {current} >= {reference}",
headers={"Access-Control-Allow-Origin": "*"},
)
else:
return web.HTTPForbidden(text=f"Outdated: version {current} < {reference}")
Expand Down Expand Up @@ -327,7 +322,6 @@ async def status_public_config(request: web.Request):
},
},
dumps=dumps_for_json,
headers={"Access-Control-Allow-Origin": "*"},
)


Expand Down Expand Up @@ -436,9 +430,7 @@ async def notify_allocation(request: web.Request):
except JSONDecodeError:
return web.HTTPBadRequest(reason="Body is not valid JSON")
except ValidationError as error:
return web.json_response(
data=error.json(), status=web.HTTPBadRequest.status_code, headers={"Access-Control-Allow-Origin": "*"}
)
return web.json_response(data=error.json(), status=web.HTTPBadRequest.status_code)

pubsub: PubSub = request.app["pubsub"]
pool: VmPool = request.app["vm_pool"]
Expand Down
2 changes: 0 additions & 2 deletions src/aleph/vm/orchestrator/views/authentication.py
Original file line number Diff line number Diff line change
Expand Up @@ -227,8 +227,6 @@ async def wrapper(request):
return web.json_response(data={"error": e.reason}, status=e.status)

response = await handler(request, authenticated_sender)
# Allow browser clients to access the body of the response
response.headers.update({"Access-Control-Allow-Origin": request.headers.get("Origin", "")})
return response

return wrapper

0 comments on commit ab79b77

Please sign in to comment.