Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirects in Che plugin registry not covered by Access-Control-Allow-Origin header #16103

Closed
4 of 23 tasks
filipkroupa opened this issue Feb 21, 2020 · 13 comments
Closed
4 of 23 tasks

Redirects in Che plugin registry not covered by Access-Control-Allow-Origin header #16103

filipkroupa opened this issue Feb 21, 2020 · 13 comments
Labels
area/plugin-registry kind/bug Outline of a bug - must adhere to the bug report template. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. severity/P1 Has a major impact to usage or development of the system.

Comments

@filipkroupa
Copy link

Describe the bug

Che plugin registry configuration provides some redirections, eg.
http://<plugin-registry-che>/plugins/ redirects to http://<plugin-registry-che>/v3/plugins/

Using the redirect address would result in CORS violation

Access to XMLHttpRequest at 'http://che-plugin-registry-che.10.108.127.216.nip.io//plugins/' from origin 'http://che-che.10.108.127.216.nip.io' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Reason is that the redirect address response does not have the Access-Control-Allow-Origin header.

[root@czprapd-chenext ~]# curl --head http://plugin-registry-che.10.108.127.216.nip.io/plugins/
HTTP/1.1 302 Found
Server: openresty/1.15.8.2
Date: Fri, 21 Feb 2020 13:56:57 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: http://plugin-registry-che.10.108.127.216.nip.io/v3/plugins/

Only request directly to v3/plugins has the right header

[root@czprapd-chenext ~]# curl --head http://plugin-registry-che.10.108.127.216.nip.io/v3/plugins/
HTTP/1.1 200 OK
Server: openresty/1.15.8.2
Date: Fri, 21 Feb 2020 13:56:47 GMT
Content-Type: application/json
Content-Length: 74388
Connection: keep-alive
Vary: Accept-Encoding
Accept-Ranges: bytes
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: Authorization
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, must-revalidate
Expires: Mon, 10 Apr 1972 00:00:00 GMT

Please note that this is not just theoretical issue, since the redirect address is actually used if Che is deployed using chectl with custom plugin registry provided by parameter --plugin-registry-url=.
(see steps to reproduce)

Che version

  • latest
  • nightly
  • other: please specify

Steps to reproduce

  1. Start Che with custom plugin registry URL, using command chectl server:start --multiuser --platform=minikube --plugin-registry-url=http://<che-plugin-registry-URL>
  2. Login to Che
  3. Open Get Started view
  4. Choose any stack, perform Create & Proceed editing
  5. Error messages pop-up: Failed to load plugins. Failed to load editors.
  6. In browser console, error is shown: Access to XMLHttpRequest at 'http://<che-plugin-registry-URL>//plugins/' from origin 'http://<che-che-URL>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

Expected behavior

Plugin registry should return contents even on provided redirect addresses.

Runtime

  • kubernetes (include output of kubectl version)
  • Openshift (include output of oc version)
  • minikube (include output of minikube version and kubectl version)
  • minishift (include output of minishift version and oc version)
  • docker-desktop + K8S (include output of docker version and kubectl version)
  • other: (please specify)

[root@czprapd-chenext ~]# minikube version
minikube version: v1.6.2
commit: 54f28ac5d3a815d1196cd5d57d707439ee4bb392

[root@czprapd-chenext ~]# kubectl version
Client Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.2", GitCommit:"59603c6e503c87169aea6106f57b9f242f64df89", GitTreeState:"clean", BuildDate:"2020-01-18T23:30:10Z", GoVersion:"go1.13.5", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"17", GitVersion:"v1.17.0", GitCommit:"70132b0f130acc0bed193d9ba59dd186f0e634cf", GitTreeState:"clean", BuildDate:"2019-12-07T21:12:17Z", GoVersion:"go1.13.4", Compiler:"gc", Platform:"linux/amd64"}

Screenshots

Installation method

  • chectl
  • che-operator
  • minishift-addon
  • I don't know

Environment

  • my computer
    • Windows
    • Linux
    • macOS
  • Cloud
    • Amazon
    • Azure
    • GCE
    • other (please specify)
  • other: custom VM, CentOS, minikube on docker

Additional context

Based on this documentation I was able to quick-fix this issue by modifying .htaccess file and providing always condition to Access-Control-Allow-Origin header

Header always set Access-Control-Allow-Origin "*"

This is my suggested fix for this issue
@filipkroupa filipkroupa added the kind/bug Outline of a bug - must adhere to the bug report template. label Feb 21, 2020
@che-bot che-bot added the status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. label Feb 21, 2020
@tolusha tolusha added severity/P1 Has a major impact to usage or development of the system. area/plugin-registry and removed status/need-triage An issue that needs to be prioritized by the curator responsible for the triage. See https://github. labels Feb 24, 2020
@filipkroupa filipkroupa mentioned this issue Apr 27, 2020
Closed
@davidwindell
Copy link
Contributor

davidwindell commented Jul 22, 2020
edited
Loading

I've just come across this after upgrading from 7.15.1 to 7.16.1 (Kubernetes deployment).

This completely breaks the plugin list on Che.

@davidwindell
Copy link
Contributor

davidwindell commented Jul 22, 2020
edited
Loading

I've had to go further to fix this than the "always", for some reason apache was redirecting to non-https, so I changed the redirects in the .htaccess file to:

Redirect temp /plugins https://plugin-registry-che.my.che.domain/v3/plugins
Redirect temp /resources https://plugin-registry-che.my.che.domain/v3/resources

@tolusha I think this is going to cause problems for other users upgrading from 7.15. I feel like #17392 might have broken it.

EDIT: I am using multi-host strategy so /v3 doesn't end up in the config URL

@tolusha
Copy link
Contributor

tolusha commented Jul 23, 2020

@davidwindell
Do you use custom plugin registry as well ?

@davidwindell
Copy link
Contributor

@tolusha no I use the default kubernetes deployment

@tolusha
Copy link
Contributor

tolusha commented Jul 23, 2020

@davidwindell
7.16.1 isn't released yet
I've checked updating from 7.15.1 to 7.16.0 and didn't face any problem.

@dmytro-ndp
Do we do any tests with custom plugin registry?

@tolusha
Copy link
Contributor

tolusha commented Jul 23, 2020

@filipkroupa
Can you confirm that custom plugin registry is run over http and che over https?

@davidwindell
Copy link
Contributor

According to Github it's released :D I don't think HTTP is the issue, it's the fact that in multi-host mode, the new template doesn't apply /v3/ to the URL in the configmap.

@tolusha
Copy link
Contributor

tolusha commented Jul 24, 2020

@davidwindell
I got the problem. I will try to provide a fix.

@tolusha tolusha mentioned this issue Jul 24, 2020
Merged
@filipkroupa
Copy link
Author

@tolusha No, I'm running both over https. I have some other modifications to plugin registry configuration files when https became mandatory

@filipkroupa
Copy link
Author

@tolusha I've updated the changes I currently have in my private build of plugin registry to a branch in my fork, you can check if any of it would help you eclipse-che/che-plugin-registry@master...filipkroupa:custom-registry-cors-https

@tolusha
Copy link
Contributor

tolusha commented Jul 27, 2020

@filipkroupa
Could you check pls, if adding /v3 to CHE_PLUGIN_REGISTRY_URL in che configmap can simply fix the problem?

@jamecaes
Copy link

For me, adding /v3 to CHE_PLUGIN_REGISTRY_URL on configmap and destroy previous pod, fix my problem!!!!

@che-bot
Copy link
Contributor

che-bot commented Feb 4, 2021

Issues go stale after 180 days of inactivity. lifecycle/stale issues rot after an additional 7 days of inactivity and eventually close.

Mark the issue as fresh with /remove-lifecycle stale in a new comment.

If this issue is safe to close now please do so.

Moderators: Add lifecycle/frozen label to avoid stale mode.

@che-bot che-bot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Feb 4, 2021
@ericwill ericwill closed this as completed Feb 4, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
area/plugin-registry kind/bug Outline of a bug - must adhere to the bug report template. lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. severity/P1 Has a major impact to usage or development of the system.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
6 participants
@tolusha @davidwindell @ericwill @che-bot @jamecaes @filipkroupa