Cyberduck
Mountain Duck
CLIOpened 7 years ago
Closed 5 years ago
#6191 closed defect (duplicate)
Swift: Setting "Access-Control-Allow-Origin" header
| Reported by: | markdeverter | Owned by: | dkocher |
|---|---|---|---|
| Priority: | normal | Milestone: | 4.4 |
| Component: | cloudfiles | Version: | 4.1 |
| Severity: | normal | Keywords: | |
| Cc: | Architecture: | ||
| Platform: |
Description
When updating an object to set custom headers and setting the "Access-Control-Allow-Origin" header, on download that header is clobbered to "x-object-meta-access-control-allow-origin". When setting this header using the Rackspace API, it does not get altered in any way.
To reproduce, open CD, connect to Swift, open a container and select an object, right-click Info, Metadata, add Custom Header:
name: "Access-Control-Allow-Origin" value: http://domain.foo
Then download the object:
curl -v http://cXXXX.rXX.cfX.rackcdn.com/filename * About to connect() to c3240.r40.cf2.rackcdn.com port 80 (#0) * Trying 96.17.106.113... connected <snip> < HTTP/1.1 200 OK < Server: nginx/0.7.65 < Content-Type: image/jpeg < Content-Length: 19251 < x-object-meta-access-control-allow-origin: http%3A%2F%2Fdomain.foo
Attachments (1)
Change History (14)
comment:1 Changed 7 years ago by dkocher
- Component changed from core to cloudfiles
- Owner set to dkocher
comment:2 Changed 7 years ago by dkocher
comment:3 follow-up: ↓ 4 Changed 7 years ago by markdeverter
My bad, I meant to provide curl commands that showed normal API behavior.
# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg
<snip>
<html>
<head>
<title>202 Accepted</title>
</head>
<body>
<h1>202 Accepted</h1>
The request is accepted for processing.<br /><br />
</body>
# curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg
<snip>
< HTTP/1.1 200 OK
< Server: nginx/0.7.65
< Content-Type: image/jpeg
< Content-Length: 122184
< Accept-Ranges: bytes
< Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT
< ETag: e7be17fec37f74c5e705543584ae6ddf
< x-trans-id: tx50ca189c97f34230ad598fab05efcfae
< access-control-allow-origin: https://domain.foo
< Cache-Control: public, max-age=86400
< Expires: Mon, 05 Sep 2011 13:03:31 GMT
< Date: Sun, 04 Sep 2011 13:03:31 GMT
comment:4 in reply to: ↑ 3 Changed 7 years ago by dkocher
Replying to markdeverter:
My bad, I meant to provide curl commands that showed normal API behavior.
# curl -v -H "X-Auth-Token: {token}" -X POST -H "Access-Control-Allow-Origin: https://domain.foo" https://storage101.ord1.clouddrive.com/v1/{account}/{container}/clown.jpg <snip> <html> <head> <title>202 Accepted</title> </head> <body> <h1>202 Accepted</h1> The request is accepted for processing.<br /><br /> </body> # curl -v http://cXXXX.rXX.cf2.rackcdn.com/clown.jpg <snip> < HTTP/1.1 200 OK < Server: nginx/0.7.65 < Content-Type: image/jpeg < Content-Length: 122184 < Accept-Ranges: bytes < Last-Modified: Sun, 04 Sep 2011 12:58:47 GMT < ETag: e7be17fec37f74c5e705543584ae6ddf < x-trans-id: tx50ca189c97f34230ad598fab05efcfae < access-control-allow-origin: https://domain.foo < Cache-Control: public, max-age=86400 < Expires: Mon, 05 Sep 2011 13:03:31 GMT < Date: Sun, 04 Sep 2011 13:03:31 GMT
Thanks for the snipped. That is interesting as it is a undocumented feature from my knowledge. I will dig into this further.
comment:5 Changed 7 years ago by dkocher
- Milestone set to 4.1.3
- Status changed from new to assigned
comment:6 Changed 7 years ago by dkocher
See also Cloud Files Supports 12 New Headers.
comment:7 Changed 7 years ago by dkocher
Duplicate issue in #6239.
Changed 7 years ago by dkocher
comment:8 Changed 7 years ago by dkocher
- Resolution set to fixed
- Status changed from assigned to closed
In r9017.
comment:9 Changed 7 years ago by dkocher
A new snapshot build is now available for Mac & Windows.
comment:10 Changed 5 years ago by DmitriyTrt
- Resolution fixed deleted
- Status changed from closed to reopened
Still reproducible on version 4.3.1 (Windows) with CloudFiles. Setting "Access-Control-Allow-Origin" header produces "X-Object-Meta-Access-Control-Allow-Origin". Should I try some fresh builds?
comment:11 Changed 5 years ago by dkocher
- Milestone changed from 4.1.3 to 4.3.2
- Status changed from reopened to new
This is a regression in current builds. See also #7209.
comment:12 Changed 5 years ago by DmitriyTrt
Thank you! Using older version helps. I've tried 4.1.3 and headers are properly set.
comment:13 Changed 5 years ago by dkocher
- Resolution set to duplicate
- Status changed from new to closed
I don't think that headers such access control headers or others such as Content-Encoding can be modified with a POST request which is for custom metadata only. I expect the Access-Control-Allow-Origin header would need to be added in the original PUT request when uploading the object. Can you post the HTTP transcript when setting this with another tool you succeed with?