aws / aws-sdk-js

AWS SDK for JavaScript in the browser and Node.js
https://aws.amazon.com/developer/language/javascript/
Apache License 2.0

service "CloudSearchDomain" method "search" uses unsupported HTTP method OPTIONS for CORS #705

Closed GoodMirek closed 9 years ago

GoodMirek commented 9 years ago

This bug report is about aws-sdk, CloudSearch and CORS. Either there is a bad implementation of CORS in aws-sdk-js -or- CORS is not supported on CloudSearch and then there is a bug consisting of:

  1. aws-sdk-js improperly trying OPTIONS with service not supporting it instead of reporting an error
  2. and a bug in AWS documentation, as it is not mentioning that CloudSearch does not support CORS

Following code fails:

var cloudsearchdomain = new AWS.CloudSearchDomain({apiVersion: '2013-01-01', endpoint: 'search-relimail-com-fnd7qnlyv6svrk5jenjuxafaye.eu-west-1.cloudsearch.amazonaws.com'});

cloudsearchdomain.search({query: 'test', size: 5}, function(err, data) {
  if (err) console.log(err, err.stack); // an error occurred
  else     console.log(data);           // successful response
});

In Chrome debug console, I see general info:

Remote Address:176.34.105.213:443
Request URL:https://search-relimail-com-fnd7qnlyv6svrk5jenjuxafaye.eu-west-1.cloudsearch.amazonaws.com/2013-01-01/search?format=sdk&pretty=true&q=test&size=5
Request Method:OPTIONS
Status Code:400 Bad Request

Request headers:

OPTIONS /2013-01-01/search?format=sdk&pretty=true&q=test&size=5 HTTP/1.1
Host: search-relimail-com-fnd7qnlyv6svrk5jenjuxafaye.eu-west-1.cloudsearch.amazonaws.com
Connection: keep-alive
Access-Control-Request-Method: GET
Origin: http://relimc-www-goodmirek.c9.io
User-Agent: Mozilla/5.0 (X11; Linux i686 (x86_64)) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/45.0.2454.85 Safari/537.36
Access-Control-Request-Headers: authorization, x-amz-content-sha256, x-amz-date, x-amz-user-agent
Accept: */*
DNT: 1
Referer: http://relimc-www-goodmirek.c9.io/hello-world.html
Accept-Encoding: gzip, deflate, sdch
Accept-Language: en,en-US;q=0.8

and response:

HTTP/1.1 400 Bad Request
Content-Type: application/json; charset=UTF-8
transfer-encoding: chunked
Connection: keep-alive

Then, the browser complains about CORS:

XMLHttpRequest cannot load https://search-relimail-com-fnd7qnlyv6svrk5jenjuxafaye.eu-west-1.cloudsearch.amazonaws.com/2013-01-01/search?format=sdk&pretty=true&q=test&size=5. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://relimc-www-goodmirek.c9.io' is therefore not allowed access. The response had HTTP status code 400.

and subsequent GET fails:

XHR failed loading: GET "https://search-relimail-com-fnd7qnlyv6svrk5jenjuxafaye.eu-west-1.cloudsearch.amazonaws.com/2013-01-01/search?format=sdk&pretty=true&q=test&size=5".

While using cURL the request succeeds with HTTP GET method:

curl -X GET https://search-relimail-com-fnd7qnlyv6svrk5jenjuxafaye.eu-west-1.cloudsearch.amazonaws.com/2013-01-01/search?q=test

but fails with HTTP OPTIONS method:

curl -X OPTIONS https://search-relimail-com-fnd7qnlyv6svrk5jenjuxafaye.eu-west-1.cloudsearch.amazonaws.com/2013-01-01/search?q=test
{"error":{"msg":"Unsupported method: OPTIONS for request com.a9.cs.util.ReusableRequestWrapper@4b474324","code":400}}

GoodMirek commented 9 years ago

After further research I have found this has been an outstanding issue for two years already. It would be nice to fix at least the documentation. https://forums.aws.amazon.com/thread.jspa?messageID=551510

lsegal commented 9 years ago

@GoodMirek the SDK does not implement CORS; it is a feature of your browser. If you are seeing this error, it means the CloudSearchDomain client does not support CORS. Note that this is mentioned in the guide as well as the docs for the command line browser builder and the new browser builder for the SDK (only CORS services have the globe icon). All of these docs explain that building a custom version of the SDK is primarily meant for usage outside of CORS environments. That said, this documentation could be made more explicit.

GoodMirek commented 9 years ago

@lsegal Thanks for your quick response. These links are useful, but if they explicitly mentioned that CORS is not supported by services other than the default ones, it would be even clearer, at least to me. Also, the page with the CloudSearch API documentation could mention that CloudSearch does not support CORS. The browser builder for the SDK is new to me; it would be great if it could be referenced from the Building the SDK guide.

What is still not clear to me is why the SDK tries to send an HTTP OPTIONS request towards the CloudSearch API, which seems not to support OPTIONS requests at all. The OPTIONS request fails even in an environment without CORS; see the cURL output in my first post.

lsegal commented 9 years ago

> What is still not clear to me is why SDK tries to send HTTP OPTIONS request

The browser is sending this request, not the SDK. This is standard for any XHR request across domains. It is in no way controlled by the SDK and is enforced by the browser. You can learn more about the OPTIONS request on MDN's Cross-Origin Resource Sharing page.
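
The browser-side decision described above, as an added example that is not part of the original thread or the SDK's code: a simplified model of the Fetch-spec preflight rules, applied to the request and response captured in this issue. The function names and placeholder header values are assumptions made for illustration.

```javascript
// Simplified model of the browser's CORS preflight decision (Fetch spec).
// Omitted: header value length/byte checks, credentials mode, Range header.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language']);
const SAFE_TYPES = new Set(['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain']);

// Lowercased, sorted names of request headers that force a preflight.
function unsafeHeaders(headers) {
  return Object.entries(headers).filter(([name, value]) => {
    const n = name.toLowerCase();
    if (n === 'content-type') return !SAFE_TYPES.has(String(value).split(';')[0].trim().toLowerCase());
    return !SAFE_HEADERS.has(n);
  }).map(([name]) => name.toLowerCase()).sort();
}

function needsPreflight(method, headers) {
  return !SAFE_METHODS.has(method.toUpperCase()) || unsafeHeaders(headers).length > 0;
}

// Would this preflight response let the real request go out? Returns {allowed, reason}.
function checkPreflight(req, res) {
  const h = Object.fromEntries(Object.entries(res.headers).map(([k, v]) => [k.toLowerCase(), v]));
  const list = (v) => (v || '').split(',').map((s) => s.trim().toLowerCase()).filter(Boolean);
  const deny = (reason) => ({ allowed: false, reason });
  const origin = h['access-control-allow-origin'];
  if (origin !== '*' && origin !== req.origin) return deny('no matching Access-Control-Allow-Origin');
  if (res.status < 200 || res.status > 299) return deny(`preflight status ${res.status}`);
  const methods = list(h['access-control-allow-methods']);
  const m = req.method.toUpperCase();
  if (!SAFE_METHODS.has(m) && !methods.includes(m.toLowerCase()) && !methods.includes('*')) {
    return deny(`method not allowed: ${m}`);
  }
  const allowed = list(h['access-control-allow-headers']);
  // Per the Fetch spec, "*" never covers Authorization; it must be listed by name.
  const missing = unsafeHeaders(req.headers)
    .filter((n) => !allowed.includes(n) && !(allowed.includes('*') && n !== 'authorization'));
  return missing.length ? deny(`headers not allowed: ${missing.join(', ')}`) : { allowed: true, reason: 'ok' };
}

// Constructed from the request/response shown in the issue; header values are placeholders.
const signedSearch = {
  origin: 'http://relimc-www-goodmirek.c9.io',
  method: 'GET',
  headers: { Authorization: '<placeholder>', 'X-Amz-Content-Sha256': '<placeholder>',
    'X-Amz-Date': '<placeholder>', 'X-Amz-User-Agent': '<placeholder>' },
};
const cloudSearchReply = { status: 400, headers: { 'Content-Type': 'application/json; charset=UTF-8' } };

console.log(needsPreflight(signedSearch.method, signedSearch.headers), checkPreflight(signedSearch, cloudSearchReply));
```

The `authorization` and `x-amz-*` headers are what turn a plain GET into a preflighted request, which is why the header-less cURL GET in the first post never involves OPTIONS.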

GoodMirek commented 9 years ago

Thanks for the explanation of OPTIONS. I am sorry I did not know it and blamed AWS SDK.

Do you think the documentation improvements I have suggested could be implemented?

AdityaManohar commented 9 years ago

@GoodMirek I've updated the developer guide to include information about the SDK builder. Thanks for reporting!
