UST-QuAntiL / qhana-backend

The new REST backend for QHAna (see also qhana-plugin-runner)
Apache License 2.0
1 stars 2 forks source link

CORS header ‘Access-Control-Allow-Origin’ missing when using Firefox or Safari #14

Closed PhilWun closed 2 years ago

PhilWun commented 2 years ago

When trying to visualize a CSV file the request to the backend fails because of a missing Access-Control-Allow-Origin header. Specifically the request to http://localhost:9090/experiments/1/data/PositiveSubset5.csv/download?version=1 fails. This appears to happen in Firefox and Safari.

image

The console shows the following error

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:9090/experiments/1/data/PositiveSubset5.csv/download?version=1. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing). Status code: 204.

One difference is that Firefox and Safari set Origin: http://localhost:5005 while Vivalid and Chrome don't set the Origin header.

PhilWun commented 2 years ago

The problem is still happening. It seems like Firefox does a preflight request with OPTIONS and the response contains only these headers:

HTTP/1.1 204 No Content allow: GET, OPTIONS server: ballerina date: Mon, 23 May 2022 07:52:01 GMT

Chrome doesn't seem to do an OPTIONS request and sends directly a GET request. The response of the GET request contains all necessary headers.

buehlefs commented 2 years ago

This should now be finally fixed once and for all (until we discover a new header that needs to be allowed for cors).

For the future: The firefox console lists which header is not allowed and thus blocks the cors request. This info is not shown in the network analysis tab...