For ISO and template uploads to work clients access the secondary storage VM, which is a different origin than the web UI. This only works if headers like Access-Control-Allow-Origin are set.
However depending on use.https.to.upload the headers will be set either only for http or only for https connections.
In our environment we have a load balancer in front of the SSVM, which handles SSL and forwards the connections over HTTP. The headers won't be set and all template/ISO uploads fail with an error.
I see no reason for this behavior and the headers should be simply be set for both protocols.
I can prepare a pull request with changes if you accept this idea.
ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
n/a
OS / ENVIRONMENT
n/a
SUMMARY
For ISO and template uploads to work clients access the secondary storage VM, which is a different origin than the web UI. This only works if headers like
Access-Control-Allow-Origin
are set.These headers are set here: https://github.com/apache/cloudstack/blob/cea4801be180c4e54a16e0553c8f393c70055412/systemvm/debian/opt/cloud/bin/setup/secstorage.sh#L53-L78 (commit ac2857158d8b00218cfe5217976e138b469096ad)
However depending on
use.https.to.upload
the headers will be set either only for http or only for https connections. In our environment we have a load balancer in front of the SSVM, which handles SSL and forwards the connections over HTTP. The headers won't be set and all template/ISO uploads fail with an error.I see no reason for this behavior and the headers should be simply be set for both protocols. I can prepare a pull request with changes if you accept this idea.