search

apache / cloudstack

Apache CloudStack is an opensource Infrastructure as a Service (IaaS) cloud computing platform
https://cloudstack.apache.org/
Apache License 2.0
1.97k stars 1.09k forks source link

SSVM should set correct headers on both HTTP and HTTPS #9366

Open salfers opened 1 month ago

salfers commented 1 month ago
ISSUE TYPE
COMPONENT NAME
Secondary Storage VM
CLOUDSTACK VERSION
verified on 4.19.0.1
CONFIGURATION

n/a

OS / ENVIRONMENT

n/a

SUMMARY

For ISO and template uploads to work clients access the secondary storage VM, which is a different origin than the web UI. This only works if headers like Access-Control-Allow-Origin are set.

These headers are set here: https://github.com/apache/cloudstack/blob/cea4801be180c4e54a16e0553c8f393c70055412/systemvm/debian/opt/cloud/bin/setup/secstorage.sh#L53-L78 (commit ac2857158d8b00218cfe5217976e138b469096ad)

However depending on use.https.to.upload the headers will be set either only for http or only for https connections. In our environment we have a load balancer in front of the SSVM, which handles SSL and forwards the connections over HTTP. The headers won't be set and all template/ISO uploads fail with an error.

I see no reason for this behavior and the headers should be simply be set for both protocols. I can prepare a pull request with changes if you accept this idea.

DaanHoogland commented 1 month ago

Sounds good @salfers , we just need to check backwards compatibility but I foresee no problems