You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems like the Access-Control-Allow-Origin header is being set to lowercase when it is run through the configurable-http-proxy. Although this is no problem in Chrome, it causes the Safari browser to not recognize the header.
Here's an example. When I access the kernel service over the proxy, not the lower-cased value for Access-Control-Allow-Origin.
That is just beyond annoying. RFC 2616 declares them case insensitive (section 4.2), but I'm not sure I'll ever expect standards to get adhered to. Definitely an issue to raise in the configurable-http-proxy. Seems to come up in node land and the config proxy is based on http-proxy.
That is just beyond annoying. RFC 2616 http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html declares them
case insensitive (section 4.2), but I'm not sure I'll ever expect standards
to get adhered to. Definitely an issue to raise in the
configurable-http-proxy. Seems to come up in node land nodejs/node-v0.x-archive#1954 and the config proxy is
based on http-proxy.
—
Reply to this email directly or view it on GitHub #4 (comment)
.
It seems like the Access-Control-Allow-Origin header is being set to lowercase when it is run through the configurable-http-proxy. Although this is no problem in Chrome, it causes the Safari browser to not recognize the header.
Here's an example. When I access the kernel service over the proxy, not the lower-cased value for Access-Control-Allow-Origin.
http http://jupyter-kernel.odewahn.com:8000/user/pVLZmkH43KTT/api/kernels
HTTP/1.1 200 OK
access-control-allow-origin: *
connection: close
content-length: 67
content-security-policy:
content-type: text/html; charset=UTF-8
date: Wed, 14 Jan 2015 20:03:13 GMT
etag: "93ee31e7d5a26e434153a8cb61633602a0d273cb"
server: TornadoServer/4.0.2
set-cookie: ignored=; expires=Tue, 14 Jan 2014 20:03:13 GMT; Path=/
x-frame-options: SAMEORIGIN
[{"id": "cea89cc0-55a5-42bb-b926-755e5786d8ef", "name": "python2"}]
When I run this directly on the host, though, and bypass the proxy, here's the result. Note that the header is mixed case, which is what is expected:
http 0.0.0.0:50746/user/pVLZmkH43KTT/api/kernels
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Content-Length: 67
Content-Security-Policy:
Content-Type: text/html; charset=UTF-8
Date: Wed, 14 Jan 2015 20:05:04 GMT
Etag: "93ee31e7d5a26e434153a8cb61633602a0d273cb"
Server: TornadoServer/4.0.2
Set-Cookie: ignored=; expires=Tue, 14 Jan 2014 20:05:04 GMT; Path=/
X-Frame-Options: SAMEORIGIN
[{"id": "cea89cc0-55a5-42bb-b926-755e5786d8ef", "name": "python2"}]
The text was updated successfully, but these errors were encountered: