Add content length and date headers to CORS response #2290
@m0wfo thanks merged into 4.0, 4.1 and master. About some minimal headers I have no idea yet ;)
Just went for a walk and thought about it- the codecs are quite unopinionated and low-level enough that it's probably not necessary or desirable IMHO- but CorsHandler solves a very specific and relatively high-level use case. Therefore to say it works, it should include the bare minimum of headers to keep common load balancers happy. Just my 2c :)
I think it might be difficult to know up front all the possible response headers that different load balancers require, but this could be due to my limited knowledge of load balancers. Should we try to specify a default set and also enable the CorsHandler to be configured to take any additional that we might miss?
Maybe we could allow the user to override it?
@normanmaurer That would work too. Have a default set and then be able to override that by adding any number of preflight response headers.
Or something like that, wdyt? Really not sure what the default response headers should be though. I don't understand what a load balancer would use the
Added a suggestion in this branch.
@normanmaurer @m0wfo Let me know if you think this is alright for a PR?
@danbev Yes, please issue a pull request.
Motivation:
An intermediary like a load balancer might require that a Cross Origin Resource Sharing (CORS) preflight request have certain headers set. As a concrete example the Elastic Load Balancer (ELB) requires the 'Date' and 'Content-Length' header to be set or it will fail with a 502 error code. This work is an enhancement of netty#2290

Modifications:
CorsConfig has been extended to make additional HTTP response headers configurable for preflight responses. Since some headers, like the 'Date' header need to be generated each time, m0wfo suggested using a Callable.

Result:
By default, the 'Date' and 'Content-Length' headers will be sent in a preflight response. This can be overridden and users can specify any headers that might be required by different intermediaries.
Load balancers such as ELB will return a `502` to a client's preflight request due to the omission of date and content-length headers in Netty. Am not sure this is the best place to put this, but some way of appending minimal standard response headers would be nice... maybe as a flag in `HttpServerCodec`?
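A check for the condition this pull request addresses, as an added example that is not part of the pull request or of Netty: it parses a raw preflight response and reports whether the 'Date' and 'Content-Length' headers that an intermediary such as ELB expects are present and well-formed. The two sample responses, the origin in them and the function names are constructed for illustration.

```python
from email.utils import parsedate_to_datetime

# Constructed samples: a preflight response without and with the two headers.
BEFORE = (b"HTTP/1.1 200 OK\r\n"
          b"Access-Control-Allow-Origin: https://app.example\r\n"
          b"Access-Control-Allow-Methods: GET, POST\r\n\r\n")
AFTER = (b"HTTP/1.1 200 OK\r\n"
         b"Access-Control-Allow-Origin: https://app.example\r\n"
         b"Access-Control-Allow-Methods: GET, POST\r\n"
         b"Date: Tue, 04 Mar 2014 10:00:00 GMT\r\n"
         b"Content-Length: 0\r\n\r\n")

def parse_response(raw: bytes):
    """Split a raw HTTP/1.1 response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    status_line, *header_lines = head.decode("iso-8859-1").split("\r\n")
    status = int(status_line.split(" ", 2)[1])
    headers = {}
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"malformed header line: {line!r}")
        # Header names are case-insensitive; keep repeated headers as a list.
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return status, headers, body

def check_preflight(raw: bytes):
    """Return the problems found in a preflight response (empty list = ok)."""
    _status, headers, body = parse_response(raw)
    problems = []
    if "access-control-allow-origin" not in headers:
        problems.append("no Access-Control-Allow-Origin: not a CORS response")
    dates = headers.get("date", [])
    if not dates:
        problems.append("missing Date")
    else:
        try:
            parsedate_to_datetime(dates[0])
        except (TypeError, ValueError):
            problems.append("unparseable Date")
    lengths = headers.get("content-length", [])
    if not lengths:
        problems.append("missing Content-Length")
    elif len(set(lengths)) > 1 or not lengths[0].isdecimal():
        problems.append("invalid Content-Length")
    elif int(lengths[0]) != len(body):
        problems.append("Content-Length does not match body")
    return problems

if __name__ == "__main__":
    print("before:", check_preflight(BEFORE))
    print("after: ", check_preflight(AFTER))
```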