Skip to content
This repository has been archived by the owner on Mar 22, 2018. It is now read-only.

Fixes for CORS implementation #170

Merged
merged 2 commits into from
Mar 18, 2018
Merged

Fixes for CORS implementation #170

merged 2 commits into from
Mar 18, 2018

Conversation

julienr
Copy link
Contributor

@julienr julienr commented Mar 18, 2018

This fixes two issues with the CORS implementation in azurite.

Without this, CORS doesn't work when testing on azurite even though it works when testing on the live blobstore. I'm using azurite master on OSX with node v8.4.0 .

The first issue can be reproduced by using the script below which will result in a failed destructuring assignment “TypeError: Cannot match against 'undefined' or 'null’.”


# Create the container
#az storage container create \
#    --name 'userblobs' \
#    --connection-string 'DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;BlobEndpoint=http://127.0.0.1:10000/devstoreaccount1;'


CORS_XML="
<?xml version="1.0" encoding="utf-8"?>  
<StorageServiceProperties> 
    <Cors>  
        <CorsRule>  
            <AllowedOrigins>*</AllowedOrigins>  
            <AllowedMethods>PUT,POST,GET,HEAD,OPTIONS</AllowedMethods>  
            <MaxAgeInSeconds>200</MaxAgeInSeconds>  
            <ExposedHeaders>*</ExposedHeaders>  
            <AllowedHeaders>*</AllowedHeaders>  
        </CorsRule>  
    </Cors> 
</StorageServiceProperties> 
"

curl -X PUT \
    -H 'Accept: application/xml' \
    -H 'Content-Type: application/xml' \
    -d "$CORS_XML" \
    http://127.0.0.1:10000/devstoreaccount1?restype=service\&comp=properties


curl -H "Origin: http://localhost:8080" \
     -H "Access-Control-Request-Method: PUT" \
     -H "Access-Control-Request-Headers: x-ms-blob-content-disposition,x-ms-blob-type" \
     -X OPTIONS --verbose \
     http://127.0.0.1:10000/devstoreaccount1/userblobs/rasters/387dcec91bd8493ba9b8cd4cc3bb521d/example_1.tif\?se\=2018-03-17T16%3A22%3A51Z\&sp\=w\&sv\=2017-07-29\&sr\=b\&sig\=YhIBWOVv/G4XfWnowBVG9U2oLUeIbIcBqm9c7b0wzew%3D

The second issue can only be reproduced when testing CORS from a browser and is due to the fact that azurite wouldn't set the Access-Control-Allow-Headers on its response to the preflight request, making the browser believe CORS is disallowed.

julienr added 2 commits March 17, 2018 17:14
@julienr
Fix issue where CORS preflight request would fail
7298126 
Without this fix, doing a CORS OPTIONS preflight request results in
a “TypeError: Cannot match against 'undefined' or 'null’.” because
PreflightBlobRequest creates an AzuriteResponse without argument.
@julienr
Correctly send back Access-Control-Allow-Headers in CORS preflight
eba8a87 
Without this, the browser would fail the request complaining that no
headers were allowed.
@arafato arafato merged commit 09b6b6e into arafato:master Mar 18, 2018
@arafato
Copy link
Owner

arafato commented Mar 18, 2018

@julienr this is really awesome! Thanks a lot for the fix. Will release as part of v2.6.2.

@julienr
Copy link
Contributor Author

julienr commented Mar 20, 2018

Thanks for the quick merge !

@julienr julienr deleted the cors_fix branch March 20, 2018 20:21
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@julienr @arafato