search

HDFGroup / hsds

Cloud-native, service based access to HDF data
https://www.hdfgroup.org/solutions/hdf-kita/
Apache License 2.0
128 stars 52 forks source link

CORS broken for PUSH/DELETE on /groups, /datasets, /datatypes #92

Closed xaxis-ii closed 2 years ago

xaxis-ii commented 3 years ago

CORS preflight requests to /groups, /datasets or /datatypes fail when sent from browser or curl (using for example

curl -H "Origin: http://example.com"   -H "Access-Control-Request-Method: POST"   -H "Access-Control-Request-Headers: authorization"   -X OPTIONS --verbose   http://localhost:5101/groups

This seems to be an issue with the aiohttp_cors library, and overriding the default accepted methods (by changing line 106 of hsds/servicenode.py to 

        cors = aiohttp_cors.setup(app, defaults={cors_domain: aiohttp_cors.ResourceOptions(allow_credentials=True, expose_headers="*", allow_headers="*", allow_methods=["POST", "PUT", "GET", "DELETE"])})

seems to fix it. I suspected the route /groups might be clashing with /groups/, but disabling the latter didn't help.

Running on Debian 10, POSIX-based storage, via docker (with 6 service nodes and 2 data nodes).

loichuder commented 2 years ago

Makes sense, thanks for the proposed fix !