You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
For requests that are unsafe OR cross-origin, browsers make a preflight request to the Rucio Server. A preflight request is essentially an OPTIONS ( HTTP method) to the same endpoint where the actual request was intended.
The old WebUI never had the requirement of handling pre-flight requests, since the requests always went to the WebUI flask server, which was available on the same apache host as the rucio server:
However, the new UI is a React application running in the browser and any request that is made to the rucio server invokes the CORS preflight request. All of these preflight requests are blocked as the the rucio server does not handle the OPTIONS HTTP methods. (anywhere besides auth endpoints)
As a result, while the new WebUI can successfully obtain the rucio token, any subsequent request made to other endpoints of the rucio server fail.
Modification
Add a flask middleware to filter for OPTIONS requests and respond to the them with a 200 OK response if they originate from the WebUI URLs specified in the appropriate rucio.cfg section
The text was updated successfully, but these errors were encountered:
Motivation
For requests that are
unsafe
ORcross-origin
, browsers make apreflight
request to the Rucio Server. Apreflight
request is essentially anOPTIONS
( HTTP method) to the same endpoint where the actual request was intended.The old WebUI never had the requirement of handling pre-flight requests, since the requests always went to the WebUI flask server, which was available on the same apache host as the rucio server:
rucio/lib/rucio/web/ui/static/rucio.js
Lines 27 to 29 in 763454f
Besides the auth server, no other endpoints had to handle the
HTTP OPTIONS
request.rucio/lib/rucio/web/rest/flaskapi/v1/auth.py
Lines 992 to 998 in 763454f
However, the new UI is a React application running in the browser and any request that is made to the rucio server invokes the CORS
preflight
request. All of these preflight requests are blocked as the the rucio server does not handle theOPTIONS
HTTP methods. (anywhere besides auth endpoints)As a result, while the new WebUI can successfully obtain the rucio token, any subsequent request made to other endpoints of the rucio server fail.
Modification
Add a flask middleware to filter for OPTIONS requests and respond to the them with a
200 OK
response if they originate from the WebUI URLs specified in the appropriaterucio.cfg
sectionThe text was updated successfully, but these errors were encountered: