Redirects in Che plugin registry not covered by Access-Control-Allow-Origin header
See original GitHub issueDescribe the bug
Che plugin registry configuration provides some redirections, eg.
http://<plugin-registry-che>/plugins/
redirects to http://<plugin-registry-che>/v3/plugins/
Using the redirect address would result in CORS violation
Access to XMLHttpRequest at ‘http://che-plugin-registry-che.10.108.127.216.nip.io//plugins/’ from origin ‘http://che-che.10.108.127.216.nip.io’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Reason is that the redirect address response does not have the Access-Control-Allow-Origin header.
[root@czprapd-chenext ~]# curl --head http://plugin-registry-che.10.108.127.216.nip.io/plugins/ HTTP/1.1 302 Found Server: openresty/1.15.8.2 Date: Fri, 21 Feb 2020 13:56:57 GMT Content-Type: text/html; charset=iso-8859-1 Connection: keep-alive Location: http://plugin-registry-che.10.108.127.216.nip.io/v3/plugins/
Only request directly to v3/plugins has the right header
[root@czprapd-chenext ~]# curl --head http://plugin-registry-che.10.108.127.216.nip.io/v3/plugins/ HTTP/1.1 200 OK Server: openresty/1.15.8.2 Date: Fri, 21 Feb 2020 13:56:47 GMT Content-Type: application/json Content-Length: 74388 Connection: keep-alive Vary: Accept-Encoding Accept-Ranges: bytes Access-Control-Allow-Origin: * Access-Control-Allow-Headers: Authorization Pragma: no-cache Cache-Control: max-age=0, no-cache, no-store, must-revalidate Expires: Mon, 10 Apr 1972 00:00:00 GMT
Please note that this is not just theoretical issue, since the redirect address is actually used if Che is deployed using chectl
with custom plugin registry provided by parameter --plugin-registry-url=
.
(see steps to reproduce)
Che version
- latest
- nightly
- other: please specify
Steps to reproduce
- Start Che with custom plugin registry URL, using command
chectl server:start --multiuser --platform=minikube --plugin-registry-url=http://<che-plugin-registry-URL>
- Login to Che
- Open Get Started view
- Choose any stack, perform Create & Proceed editing
- Error messages pop-up: Failed to load plugins. Failed to load editors.
- In browser console, error is shown:
Access to XMLHttpRequest at 'http://<che-plugin-registry-URL>//plugins/' from origin 'http://<che-che-URL>' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.
Expected behavior
Plugin registry should return contents even on provided redirect addresses.
Runtime
- kubernetes (include output of
kubectl version
) - Openshift (include output of
oc version
) - minikube (include output of
minikube version
andkubectl version
) - minishift (include output of
minishift version
andoc version
) - docker-desktop + K8S (include output of
docker version
andkubectl version
) - other: (please specify)
[root@czprapd-chenext ~]# minikube version minikube version: v1.6.2 commit: 54f28ac5d3a815d1196cd5d57d707439ee4bb392
[root@czprapd-chenext ~]# kubectl version Client Version: version.Info{Major:“1”, Minor:“17”, GitVersion:“v1.17.2”, GitCommit:“59603c6e503c87169aea6106f57b9f242f64df89”, GitTreeState:“clean”, BuildDate:“2020-01-18T23:30:10Z”, GoVersion:“go1.13.5”, Compiler:“gc”, Platform:“linux/amd64”} Server Version: version.Info{Major:“1”, Minor:“17”, GitVersion:“v1.17.0”, GitCommit:“70132b0f130acc0bed193d9ba59dd186f0e634cf”, GitTreeState:“clean”, BuildDate:“2019-12-07T21:12:17Z”, GoVersion:“go1.13.4”, Compiler:“gc”, Platform:“linux/amd64”}
Screenshots
Installation method
- chectl
- che-operator
- minishift-addon
- I don’t know
Environment
- my computer
- Windows
- Linux
- macOS
- Cloud
- Amazon
- Azure
- GCE
- other (please specify)
- other: custom VM, CentOS, minikube on docker
Additional context
Based on this documentation I was able to quick-fix this issue by modifying .htaccess file and providing always condition to Access-Control-Allow-Origin header
Header always set Access-Control-Allow-Origin “*”
This is my suggested fix for this issue
Issue Analytics
- State:
- Created 4 years ago
- Comments:13 (10 by maintainers)
Top GitHub Comments
@davidwindell I got the problem. I will try to provide a fix.
Issues go stale after
180
days of inactivity.lifecycle/stale
issues rot after an additional7
days of inactivity and eventually close.Mark the issue as fresh with
/remove-lifecycle stale
in a new comment.If this issue is safe to close now please do so.
Moderators: Add
lifecycle/frozen
label to avoid stale mode.