Opened on Sep 2, 2011 at 3:47:11 PM
#6191 closed defect (duplicate)
Swift: Setting "Access-Control-Allow-Origin" header
Reported by: | markdeverter | Owned by: | dkocher |
---|---|---|---|
Priority: | normal | Milestone: | 4.4 |
Component: | cloudfiles | Version: | 4.1 |
Severity: | normal | Keywords: | |
Cc: | Architecture: | ||
Platform: |
Description
When updating an object to set custom headers and setting the "Access-Control-Allow-Origin" header, on download that header is clobbered to "x-object-meta-access-control-allow-origin". When setting this header using the Rackspace API, it does not get altered in any way.
To reproduce, open CD, connect to Swift, open a container and select an object, right-click Info, Metadata, add Custom Header:
name: "Access-Control-Allow-Origin" value: http://domain.foo
Then download the object:
curl -v http://cXXXX.rXX.cfX.rackcdn.com/filename * About to connect() to c3240.r40.cf2.rackcdn.com port 80 (#0) * Trying 96.17.106.113... connected <snip> < HTTP/1.1 200 OK < Server: nginx/0.7.65 < Content-Type: image/jpeg < Content-Length: 19251 < x-object-meta-access-control-allow-origin: http%3A%2F%2Fdomain.foo
Attachments (1)
Change History (14)
comment:1 Changed on Sep 2, 2011 at 3:59:22 PM by dkocher
- Component changed from core to cloudfiles
- Owner set to dkocher
comment:2 Changed on Sep 4, 2011 at 11:18:28 AM by dkocher
comment:3 follow-up: ↓ 4 Changed on Sep 4, 2011 at 1:08:43 PM by markdeverter
My bad, I meant to provide curl commands that showed normal API behavior.
# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg <snip> <html> <head> <title>202 Accepted</title> </head> <body> <h1>202 Accepted</h1> The request is accepted for processing.<br /><br /> </body> # curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg <snip> < HTTP/1.1 200 OK < Server: nginx/0.7.65 < Content-Type: image/jpeg < Content-Length: 122184 < Accept-Ranges: bytes < Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT < ETag: e7be17fec37f74c5e705543584ae6ddf < x-trans-id: tx50ca189c97f34230ad598fab05efcfae < access-control-allow-origin: https://domain.foo < Cache-Control: public, max-age=86400 < Expires: Mon, 05 Sep 2011 13:03:31 GMT < Date: Sun, 04 Sep 2011 13:03:31 GMT
comment:4 in reply to: ↑ 3 Changed on Sep 4, 2011 at 1:12:35 PM by dkocher
Replying to markdeverter:
My bad, I meant to provide curl commands that showed normal API behavior.
# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg <snip> <html> <head> <title>202 Accepted</title> </head> <body> <h1>202 Accepted</h1> The request is accepted for processing.<br /><br /> </body> # curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg <snip> < HTTP/1.1 200 OK < Server: nginx/0.7.65 < Content-Type: image/jpeg < Content-Length: 122184 < Accept-Ranges: bytes < Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT < ETag: e7be17fec37f74c5e705543584ae6ddf < x-trans-id: tx50ca189c97f34230ad598fab05efcfae < access-control-allow-origin: https://domain.foo < Cache-Control: public, max-age=86400 < Expires: Mon, 05 Sep 2011 13:03:31 GMT < Date: Sun, 04 Sep 2011 13:03:31 GMT
Thanks for the snipped. That is interesting as it is a undocumented feature from my knowledge. I will dig into this further.
comment:5 Changed on Sep 19, 2011 at 7:19:37 AM by dkocher
- Milestone set to 4.1.3
- Status changed from new to assigned
comment:6 Changed on Sep 19, 2011 at 8:53:56 AM by dkocher
See also Cloud Files Supports 12 New Headers.
comment:7 Changed on Sep 19, 2011 at 8:55:09 AM by dkocher
Duplicate issue in #6239.
Changed on Sep 19, 2011 at 9:40:31 AM by dkocher
comment:8 Changed on Sep 19, 2011 at 9:41:30 AM by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
In r9017.
comment:9 Changed on Sep 20, 2011 at 7:02:55 AM by dkocher
A new snapshot build is now available for Mac & Windows.
comment:10 Changed on May 25, 2013 at 2:57:32 PM by DmitriyTrt
- Resolution fixed deleted
- Status changed from closed to reopened
Still reproducible on version 4.3.1 (Windows) with CloudFiles. Setting "Access-Control-Allow-Origin" header produces "X-Object-Meta-Access-Control-Allow-Origin". Should I try some fresh builds?
comment:11 Changed on May 25, 2013 at 3:00:39 PM by dkocher
- Milestone changed from 4.1.3 to 4.3.2
- Status changed from reopened to new
This is a regression in current builds. See also #7209.
comment:12 Changed on May 25, 2013 at 3:20:27 PM by DmitriyTrt
Thank you! Using older version helps. I've tried 4.1.3 and headers are properly set.
comment:13 Changed on May 25, 2013 at 6:01:24 PM by dkocher
- Resolution set to duplicate
- Status changed from new to closed
I don't think that headers such access control headers or others such as Content-Encoding can be modified with a POST request which is for custom metadata only. I expect the Access-Control-Allow-Origin header would need to be added in the original PUT request when uploading the object. Can you post the HTTP transcript when setting this with another tool you succeed with?