Cyberduck Mountain Duck CLI

Opened 7 years ago

Closed 6 years ago

#6191 closed defect (duplicate)

Swift: Setting "Access-Control-Allow-Origin" header

Reported by: markdeverter Owned by: dkocher
Priority: normal Milestone: 4.4
Component: cloudfiles Version: 4.1
Severity: normal Keywords:
Cc: Architecture:
Platform:

Description

When updating an object to set custom headers and setting the "Access-Control-Allow-Origin" header, on download that header is clobbered to "x-object-meta-access-control-allow-origin". When setting this header using the Rackspace API, it does not get altered in any way.

To reproduce, open CD, connect to Swift, open a container and select an object, right-click Info, Metadata, add Custom Header:

name: "Access-Control-Allow-Origin"
value: http://domain.foo

Then download the object:

curl -v http://cXXXX.rXX.cfX.rackcdn.com/filename
* About to connect() to c3240.r40.cf2.rackcdn.com port 80 (#0)
*   Trying 96.17.106.113... connected
<snip> 
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 19251
< x-object-meta-access-control-allow-origin: http%3A%2F%2Fdomain.foo 

Attachments (1)

Allow_setting_non_meta_headers.patch (16.1 KB) - added by dkocher 7 years ago.

Download all attachments as: .zip

Change History (14)

comment:1 Changed 7 years ago by dkocher

  • Component changed from core to cloudfiles
  • Owner set to dkocher

comment:2 Changed 7 years ago by dkocher

I don't think that headers such access control headers or others such as Content-Encoding can be modified with a POST request which is for custom metadata only. I expect the Access-Control-Allow-Origin header would need to be added in the original PUT request when uploading the object. Can you post the HTTP transcript when setting this with another tool you succeed with?

comment:3 follow-up: Changed 7 years ago by markdeverter

My bad, I meant to provide curl commands that showed normal API behavior.

# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg

<snip>
<html>
 <head>
  <title>202 Accepted</title>
 </head>
 <body>
  <h1>202 Accepted</h1>
  The request is accepted for processing.<br /><br />
</body>

# curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg

<snip>
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 122184
< Accept-Ranges: bytes
< Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT
< ETag: e7be17fec37f74c5e705543584ae6ddf
< x-trans-id: tx50ca189c97f34230ad598fab05efcfae
< access-control-allow-origin: https://domain.foo
< Cache-Control: public, max-age=86400
< Expires: Mon, 05 Sep 2011 13:03:31 GMT
< Date: Sun, 04 Sep 2011 13:03:31 GMT

comment:4 in reply to: ↑ 3 Changed 7 years ago by dkocher

Replying to markdeverter:

My bad, I meant to provide curl commands that showed normal API behavior.

# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg

<snip>
<html>
 <head>
  <title>202 Accepted</title>
 </head>
 <body>
  <h1>202 Accepted</h1>
  The request is accepted for processing.<br /><br />
</body>

# curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg

<snip>
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 122184
< Accept-Ranges: bytes
< Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT
< ETag: e7be17fec37f74c5e705543584ae6ddf
< x-trans-id: tx50ca189c97f34230ad598fab05efcfae
< access-control-allow-origin: https://domain.foo
< Cache-Control: public, max-age=86400
< Expires: Mon, 05 Sep 2011 13:03:31 GMT
< Date: Sun, 04 Sep 2011 13:03:31 GMT

Thanks for the snipped. That is interesting as it is a undocumented feature from my knowledge. I will dig into this further.

comment:5 Changed 7 years ago by dkocher

  • Milestone set to 4.1.3
  • Status changed from new to assigned

comment:7 Changed 7 years ago by dkocher

Duplicate issue in #6239.

Changed 7 years ago by dkocher

comment:8 Changed 7 years ago by dkocher

  • Resolution set to fixed
  • Status changed from assigned to closed

In r9017.

comment:9 Changed 7 years ago by dkocher

A new snapshot build is now available for Mac & Windows.

comment:10 Changed 6 years ago by DmitriyTrt

  • Resolution fixed deleted
  • Status changed from closed to reopened

Still reproducible on version 4.3.1 (Windows) with CloudFiles. Setting "Access-Control-Allow-Origin" header produces "X-Object-Meta-Access-Control-Allow-Origin". Should I try some fresh builds?

comment:11 Changed 6 years ago by dkocher

  • Milestone changed from 4.1.3 to 4.3.2
  • Status changed from reopened to new

This is a regression in current builds. See also #7209.

comment:12 Changed 6 years ago by DmitriyTrt

Thank you! Using older version helps. I've tried 4.1.3 and headers are properly set.

comment:13 Changed 6 years ago by dkocher

  • Resolution set to duplicate
  • Status changed from new to closed
Note: See TracTickets for help on using tickets.
swiss made software