-
Notifications
You must be signed in to change notification settings - Fork 1.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Redirects in Che plugin registry not covered by Access-Control-Allow-Origin header #16103
Comments
I've just come across this after upgrading from 7.15.1 to 7.16.1 (Kubernetes deployment). This completely breaks the plugin list on Che. |
I've had to go further to fix this than the "always", for some reason apache was redirecting to non-https, so I changed the redirects in the .htaccess file to:
@tolusha I think this is going to cause problems for other users upgrading from 7.15. I feel like #17392 might have broken it. EDIT: I am using |
@davidwindell |
@tolusha no I use the default kubernetes deployment |
@davidwindell @dmytro-ndp |
@filipkroupa |
According to Github it's released :D I don't think HTTP is the issue, it's the fact that in multi-host mode, the new template doesn't apply /v3/ to the URL in the configmap. |
@davidwindell |
@tolusha No, I'm running both over https. I have some other modifications to plugin registry configuration files when https became mandatory |
@tolusha I've updated the changes I currently have in my private build of plugin registry to a branch in my fork, you can check if any of it would help you eclipse-che/che-plugin-registry@master...filipkroupa:custom-registry-cors-https |
@filipkroupa |
For me, adding |
Issues go stale after Mark the issue as fresh with If this issue is safe to close now please do so. Moderators: Add |
Describe the bug
Che plugin registry configuration provides some redirections, eg.
http://<plugin-registry-che>/plugins/
redirects tohttp://<plugin-registry-che>/v3/plugins/
Using the redirect address would result in CORS violation
Reason is that the redirect address response does not have the Access-Control-Allow-Origin header.
Only request directly to v3/plugins has the right header
Please note that this is not just theoretical issue, since the redirect address is actually used if Che is deployed using
chectl
with custom plugin registry provided by parameter--plugin-registry-url=
.(see steps to reproduce)
Che version
Steps to reproduce
chectl server:start --multiuser --platform=minikube --plugin-registry-url=http://<che-plugin-registry-URL>
Access to XMLHttpRequest at 'http://<che-plugin-registry-URL>//plugins/' from origin 'http://<che-che-URL>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Expected behavior
Plugin registry should return contents even on provided redirect addresses.
Runtime
kubectl version
)oc version
)minikube version
andkubectl version
)minishift version
andoc version
)docker version
andkubectl version
)Screenshots
Installation method
Environment
Additional context
Based on this documentation I was able to quick-fix this issue by modifying .htaccess file and providing always condition to Access-Control-Allow-Origin header
This is my suggested fix for this issue
The text was updated successfully, but these errors were encountered: