CORS headers not sent for some redirects #8501

ghost · 2021-10-09T00:14:28Z

Checklist

This is a bug report, not a question. Ask questions on discuss.ipfs.io.
I have searched on the issue tracker for my bug.
I am running the latest go-ipfs version or have an issue updating.

Installation method

ipfs-update or dist.ipfs.io

Version

go-ipfs version: 0.10.0
Repo version: 11
System version: amd64/linux
Golang version: go1.16.8

Config

No response

Description

cors headers are properly sent for redirects to ipfs.localhost:8080:

$ curl -I localhost:8080/ipfs/QmVCYUK51Miz4jEjJxCq3bA6dfq5FXD6s2EYp6LjHQhGmh/meta
HTTP/1.1 301 Moved Permanently
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Headers: Range
Access-Control-Allow-Headers: User-Agent
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Range
Access-Control-Expose-Headers: X-Chunked-Output
Access-Control-Expose-Headers: X-Stream-Output
Cache-Control: public, max-age=29030400, immutable
Content-Length: 26
Content-Type: application/octet-stream
Etag: "QmbaoVNrRZjpxjEYe96qMbPQGk6yHG3az5izWbxurQ7L1F"
Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT
Location: http://bafybeidf5yn56cxk6zkyjmay4wigu2o7ynqh7q62z3kppag5v7jpqavy5q.ipfs.localhost:8080/meta
X-Ipfs-Path: /ipfs/QmVCYUK51Miz4jEjJxCq3bA6dfq5FXD6s2EYp6LjHQhGmh/meta
Date: Sat, 09 Oct 2021 00:11:06 GMT

and cors headers are properly sent according to the configuration for properly-formatted paths:

$ curl -I -H 'host: bafybeidf5yn56cxk6zkyjmay4wigu2o7ynqh7q62z3kppag5v7jpqavy5q.ipfs.localhost:8080' localhost:8080/meta
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Headers: Range
Access-Control-Allow-Headers: User-Agent
Access-Control-Allow-Headers: X-Requested-With
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Range
Access-Control-Expose-Headers: X-Chunked-Output
Access-Control-Expose-Headers: X-Stream-Output
Cache-Control: public, max-age=29030400, immutable
Content-Length: 26
Content-Type: application/octet-stream
Etag: "QmbaoVNrRZjpxjEYe96qMbPQGk6yHG3az5izWbxurQ7L1F"
Last-Modified: Thu, 01 Jan 1970 00:00:01 GMT
X-Ipfs-Path: /ipfs/bafybeidf5yn56cxk6zkyjmay4wigu2o7ynqh7q62z3kppag5v7jpqavy5q/meta
Date: Sat, 09 Oct 2021 00:06:00 GMT

but if there is an extra / in the path, the headers are NOT sent:

$ curl -I localhost:8080/ipfs/QmVCYUK51Miz4jEjJxCq3bA6dfq5FXD6s2EYp6LjHQhGmh//meta
HTTP/1.1 301 Moved Permanently
Content-Type: text/html; charset=utf-8
Location: /ipfs/QmVCYUK51Miz4jEjJxCq3bA6dfq5FXD6s2EYp6LjHQhGmh/meta
Date: Sat, 09 Oct 2021 00:13:09 GMT

This took hours for me to figure out why I couldn't fetch() from a localhost domain to the daemon running on localhost:8080 despite my configuration with CORS enabled.

The text was updated successfully, but these errors were encountered:

ghost added kind/bug A bug in existing code (including security flaws) need/triage Needs initial labeling and prioritization labels Oct 9, 2021

aschmahmann assigned lidel Nov 19, 2021

lidel mentioned this issue Apr 15, 2022

HTTP Headers Cleanup: API and Gateway ipfs/in-web-browsers#132

Open

22 tasks

guseggert added P2 Medium: Good to have, but can wait until someone steps up topic/gateway Topic gateway and removed need/triage Needs initial labeling and prioritization labels Aug 5, 2022

guseggert added this to the Best Effort Track milestone Aug 5, 2022

BigLep unassigned lidel Nov 17, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CORS headers not sent for some redirects #8501

CORS headers not sent for some redirects #8501

ghost commented Oct 9, 2021

CORS headers not sent for some redirects #8501

CORS headers not sent for some redirects #8501

Comments

ghost commented Oct 9, 2021

Checklist

Installation method

Version

Config

Description