Cyberduck Mountain Duck CLI

#6191 closed defect (duplicate)

Swift: Setting "Access-Control-Allow-Origin" header

Reported by: markdeverter Owned by: dkocher
Priority: normal Milestone: 4.4
Component: cloudfiles Version: 4.1
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description

When updating an object to set custom headers and setting the "Access-Control-Allow-Origin" header, on download that header is clobbered to "x-object-meta-access-control-allow-origin". When setting this header using the Rackspace API, it does not get altered in any way.

To reproduce, open CD, connect to Swift, open a container and select an object, right-click Info, Metadata, add Custom Header:

name: "Access-Control-Allow-Origin"
value: http://domain.foo

Then download the object:

curl -v http://cXXXX.rXX.cfX.rackcdn.com/filename
* About to connect() to c3240.r40.cf2.rackcdn.com port 80 (#0)
*   Trying 96.17.106.113... connected
<snip> 
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 19251
< x-object-meta-access-control-allow-origin: http%3A%2F%2Fdomain.foo 

Attachments (1)

Allow_setting_non_meta_headers.patch (16.1 KB) - added by dkocher on Sep 19, 2011 at 9:40:31 AM.

Download all attachments as: .zip

Change History (14)

comment:1 Changed on Sep 2, 2011 at 3:59:22 PM by dkocher

  • Component changed from core to cloudfiles
  • Owner set to dkocher

comment:2 Changed on Sep 4, 2011 at 11:18:28 AM by dkocher

I don't think that headers such access control headers or others such as Content-Encoding can be modified with a POST request which is for custom metadata only. I expect the Access-Control-Allow-Origin header would need to be added in the original PUT request when uploading the object. Can you post the HTTP transcript when setting this with another tool you succeed with?

comment:3 follow-up: Changed on Sep 4, 2011 at 1:08:43 PM by markdeverter

My bad, I meant to provide curl commands that showed normal API behavior.

# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg

<snip>
<html>
 <head>
  <title>202 Accepted</title>
 </head>
 <body>
  <h1>202 Accepted</h1>
  The request is accepted for processing.<br /><br />
</body>

# curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg

<snip>
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 122184
< Accept-Ranges: bytes
< Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT
< ETag: e7be17fec37f74c5e705543584ae6ddf
< x-trans-id: tx50ca189c97f34230ad598fab05efcfae
< access-control-allow-origin: https://domain.foo
< Cache-Control: public, max-age=86400
< Expires: Mon, 05 Sep 2011 13:03:31 GMT
< Date: Sun, 04 Sep 2011 13:03:31 GMT

comment:4 in reply to: ↑ 3 Changed on Sep 4, 2011 at 1:12:35 PM by dkocher

Replying to markdeverter:

My bad, I meant to provide curl commands that showed normal API behavior.

# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg

<snip>
<html>
 <head>
  <title>202 Accepted</title>
 </head>
 <body>
  <h1>202 Accepted</h1>
  The request is accepted for processing.<br /><br />
</body>

# curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg

<snip>
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 122184
< Accept-Ranges: bytes
< Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT
< ETag: e7be17fec37f74c5e705543584ae6ddf
< x-trans-id: tx50ca189c97f34230ad598fab05efcfae
< access-control-allow-origin: https://domain.foo
< Cache-Control: public, max-age=86400
< Expires: Mon, 05 Sep 2011 13:03:31 GMT
< Date: Sun, 04 Sep 2011 13:03:31 GMT

Thanks for the snipped. That is interesting as it is a undocumented feature from my knowledge. I will dig into this further.

comment:5 Changed on Sep 19, 2011 at 7:19:37 AM by dkocher

  • Milestone set to 4.1.3
  • Status changed from new to assigned

comment:7 Changed on Sep 19, 2011 at 8:55:09 AM by dkocher

Duplicate issue in #6239.

comment:8 Changed on Sep 19, 2011 at 9:41:30 AM by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

In r9017.

comment:9 Changed on Sep 20, 2011 at 7:02:55 AM by dkocher

A new snapshot build is now available for Mac & Windows.

comment:10 Changed on May 25, 2013 at 2:57:32 PM by DmitriyTrt

  • Resolution fixed deleted
  • Status changed from closed to reopened

Still reproducible on version 4.3.1 (Windows) with CloudFiles. Setting "Access-Control-Allow-Origin" header produces "X-Object-Meta-Access-Control-Allow-Origin". Should I try some fresh builds?

comment:11 Changed on May 25, 2013 at 3:00:39 PM by dkocher

  • Milestone changed from 4.1.3 to 4.3.2
  • Status changed from reopened to new

This is a regression in current builds. See also #7209.

comment:12 Changed on May 25, 2013 at 3:20:27 PM by DmitriyTrt

Thank you! Using older version helps. I've tried 4.1.3 and headers are properly set.

comment:13 Changed on May 25, 2013 at 6:01:24 PM by dkocher

  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.
swiss made software