Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Swift: Setting "Access-Control-Allow-Origin" header #6191

Closed
cyberduck opened this issue Sep 2, 2011 · 10 comments
Closed

Swift: Setting "Access-Control-Allow-Origin" header #6191

cyberduck opened this issue Sep 2, 2011 · 10 comments
Assignees
Milestone

Comments

@cyberduck
Copy link
Collaborator

@cyberduck cyberduck commented Sep 2, 2011

d3ce225 created the issue

When updating an object to set custom headers and setting the "Access-Control-Allow-Origin" header, on download that header is clobbered to "x-object-meta-access-control-allow-origin". When setting this header using the Rackspace API, it does not get altered in any way.

To reproduce, open CD, connect to Swift, open a container and select an object, right-click Info, Metadata, add Custom Header:

name: "Access-Control-Allow-Origin"
value: http://domain.foo

Then download the object:

curl -v http://cXXXX.rXX.cfX.rackcdn.com/filename
* About to connect() to c3240.6e34c3667c4e6e5a72b9bda89e6718932100ab31.cf2.rackcdn.com port 80 (#0)
*   Trying 96.17.106.113... connected
<snip> 
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 19251
< x-object-meta-access-control-allow-origin: http%3A%2F%2Fdomain.foo 

Attachments

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Sep 4, 2011

@dkocher commented

I don't think that headers such access control headers or others such as Content-Encoding can be modified with a POST request which is for custom metadata only. I expect the Access-Control-Allow-Origin header would need to be added in the original PUT request when uploading the object. Can you post the HTTP transcript when setting this with another tool you succeed with?

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Sep 4, 2011

d3ce225 commented

My bad, I meant to provide curl commands that showed normal API behavior.

# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg

<snip>
<html>
 <head>
  <title>202 Accepted</title>
 </head>
 <body>
  <h1>202 Accepted</h1>
  The request is accepted for processing.<br /><br />
</body>

# curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg

<snip>
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 122184
< Accept-Ranges: bytes
< Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT
< ETag: e7be17fec37f74c5e705543584ae6ddf
< x-trans-id: tx50ca189c97f34230ad598fab05efcfae
< access-control-allow-origin: https://domain.foo
< Cache-Control: public, max-age=86400
< Expires: Mon, 05 Sep 2011 13:03:31 GMT
< Date: Sun, 04 Sep 2011 13:03:31 GMT

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Sep 4, 2011

@dkocher commented

Replying to [comment:3 markdeverter]:

My bad, I meant to provide curl commands that showed normal API behavior.

# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg

<snip>
<html>
 <head>
  <title>202 Accepted</title>
 </head>
 <body>
  <h1>202 Accepted</h1>
  The request is accepted for processing.<br /><br />
</body>

# curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg

<snip>
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 122184
< Accept-Ranges: bytes
< Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT
< ETag: e7be17fec37f74c5e705543584ae6ddf
< x-trans-id: tx50ca189c97f34230ad598fab05efcfae
< access-control-allow-origin: https://domain.foo
< Cache-Control: public, max-age=86400
< Expires: Mon, 05 Sep 2011 13:03:31 GMT
< Date: Sun, 04 Sep 2011 13:03:31 GMT

Thanks for the snipped. That is interesting as it is a undocumented feature from my knowledge. I will dig into this further.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Sep 19, 2011

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Sep 19, 2011

@dkocher commented

Duplicate issue in #6239.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Sep 19, 2011

@dkocher commented

In 5398575.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented Sep 20, 2011

@dkocher commented

A new snapshot build is now available for Mac & Windows.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 25, 2013

7849812 commented

Still reproducible on version 4.3.1 (Windows) with CloudFiles. Setting "Access-Control-Allow-Origin" header produces "X-Object-Meta-Access-Control-Allow-Origin". Should I try some fresh builds?

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 25, 2013

@dkocher commented

This is a regression in current builds. See also #7209.

@cyberduck
Copy link
Collaborator Author

@cyberduck cyberduck commented May 25, 2013

7849812 commented

Thank you! Using older version helps. I've tried 4.1.3 and headers are properly set.

@iterate-ch iterate-ch locked as resolved and limited conversation to collaborators Nov 26, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Development

No branches or pull requests

2 participants