Open danlamanna opened 7 years ago
these settings may have to be tested from the client side
Either that, or we can just use boto to grab the CORS configuration from the bucket and then validate it. Not sure if getting the CORS policy document requires special permission on the bucket, though.
EDIT: This function is the one I'm referring to.
The issue is boto and server side python won't know if the client actually needs a proper CORS policy, can it? Only the web client has that stipulation.
On Fri, Jul 14, 2017 at 12:26 PM, Zach Mullen notifications@github.com wrote:
these settings may have to be tested from the client side
Either that, or we can just use boto to grab the CORS configuration from the bucket and then validate it. Not sure if getting the CORS policy document requires special permission on the bucket, though.
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/girder/girder/issues/2186#issuecomment-315403729, or mute the thread https://github.com/notifications/unsubscribe-auth/AAlH5cc-pVkeXHMITbEqwV8KRall6HQzks5sN5bIgaJpZM4OYcjS .
-- Dan LaManna Kitware, Inc.
We can validate whether the CORS policy on the bucket is configured to allow CORS, including allowing the headers and methods needed by Girder direct-to-S3 uploads from the browser. Or am I missing something?
Nope, I misunderstood you.
On Fri, Jul 14, 2017 at 12:43 PM, Zach Mullen notifications@github.com wrote:
We can validate whether the CORS policy on the bucket is configured to allow CORS, including allowing the headers and methods needed by Girder direct-to-S3 uploads from the browser. Or am I missing something?
— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/girder/girder/issues/2186#issuecomment-315407431, or mute the thread https://github.com/notifications/unsubscribe-auth/AAlH5XR8w5eQ4OImEYaOBjn3DJgomE2Yks5sN5qpgaJpZM4OYcjS .
-- Dan LaManna Kitware, Inc.
+1, just ran into this
See #2132 for additional context:
To get even more pedantic, these settings may have to be tested from the client side to avoid a false positive in the event of a non web-client install of Girder.