search

OSGeo / PROJ-data

Repository for proj datum grids (for use by PROJ 7 or later)
Other
72 stars 33 forks source link

https://cdn.proj.org response headers are missing in case of CORS #96

Closed aharondavid closed 1 year ago

aharondavid commented 1 year ago

95 still open.

In case of CORS, the following headers are missing from https://cdn.proj.org response:

  1. 'Content-Range'
  2. 'Last-Modified'
  3. 'ETag'

They are crucial for proj_network_get_header_value_cbk_type As I wrote in #95, I think that the Access-Control-Expose-Headers should be set to '*' or explicitly add those headers

connormanning commented 1 year ago

@rouault mentioned in #95 that * isn't allowed for that value, so adding them manually seems to be the only way. A more full list which is equivalent to * (skipping implementation-specific headers starting with x-) would be:

accept-ranges
age
content-length
content-range
content-type
date
etag
last-modified
server
vary
via

Adding just the 3 headers listed above seems reasonable to me, but alternatively this whole list could be added for future-proofing against other similar issues.

rouault commented 1 year ago

CORS config changed to:

[
    {
        "AllowedHeaders": [
            "Authorization",
            "Range"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [
            "accept-ranges",
            "age",
            "content-length",
            "content-range",
            "content-type",
            "date",
            "etag",
            "last-modified",
            "server",
            "vary",
            "via"
        ],
        "MaxAgeSeconds": 3000
    }
]
aharondavid commented 1 year ago

Thanks!