search

datopian / datahub-qa

:package: Bugs, issues and suggestions for datahub.io
https://datahub.io/
32 stars 6 forks source link

Cannot access dataset files cross origin (no CORS) #44

Closed rufuspollock closed 6 years ago

rufuspollock commented 6 years ago

Files in the pkg store are supposed to have CORS support turned on so that cross origin http requests work from javascript. However, it looks like this is not working atm which is breaking this site for example: http://rufuspollock.github.io/imf-weo/

image

zelima commented 6 years ago

I checked pkgstore and CORS is fine there. That should also confirm the fact that frontend is not complaining about CORS 

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

I think the problem should be in redirection - redirecting URL must also include an Access-Control-Allow-Origin header. Not sure this Is happening

zelima commented 6 years ago

FIXED. now there's another error: 

Uncaught TypeError: Cannot read property 'result' of undefined
rufuspollock commented 6 years ago

@zelima the fact the frontend is not complaining does not mean anything since frontend and pkgstore are on the same domain so you won't get CORs issues ...

zelima commented 6 years ago

@rufuspollock Digging a bit more in this. So it seems one should include Origin in request header other ways S3 doesn't treat the request as a cross-origin request and doesn't send CORS response headers in the response. From their docs https://docs.aws.amazon.com/AmazonS3/latest/dev/cors-troubleshooting.html

If you encounter unexpected behavior while accessing buckets set with the CORS configuration, try the following steps to troubleshoot: ...

  1. Capture the complete request and response using a tool of your choice. For each request Amazon S3 receives, there must be a CORS rule that matches the data in your request, as follows:

Verify that the request has the Origin header.

If the header is missing, Amazon S3 doesn't treat the request as a cross-origin request, and doesn't send CORS response headers in the response.

To verify:

Does not include CORS: 

curl -I -X GET --verbose https://pkgstore.datahub.io/core/country-codes/country-codes_json/data/471a2e653140ecdd7243cdcacfd66608/country-codes_json.json

Does include: 

curl -I -X GET -H "Origin: foo" --verbose https://pkgstore.datahub.io/core/country-codes/country-codes_json/data/471a2e653140ecdd7243cdcacfd66608/country-codes_json.json
anuveyatsu commented 6 years ago

Since the last commit, the example in the description doesn't return CORS error (there are some other errors probably not related to CORS):

screen shot 2018-07-16 at 19 47 52
zelima commented 6 years ago

@anuveyatsu great! Same for me (but for me it never actually was an issue - graph was loading fine)

Closing this as FIXED. @rufuspollock please double check and reopen if still an issue