Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS headers #1494

Closed
dvv opened this issue May 24, 2013 · 8 comments
Closed

CORS headers #1494

dvv opened this issue May 24, 2013 · 8 comments
Assignees
@lvca
Milestone
1.4.0

Comments

@dvv
Copy link
Contributor

dvv commented May 24, 2013

Sorry, can't find where github has hidden search for issues.

In my setup CORS doesn't work.
Static page at server.foo operates base at server.foo:2480.
Chrome 24 on windows.
Latest orientdb.
Preflight OPTIONS returns 204.

I uncommented the following in orientdb config:

and it serves said headers twice:
Access-Control-Allow-Origin: *, *
Access-Control-Allow-Credentials: true, true

I hope correcting them could help me advance.

What is wrong there?
@dvv
Copy link
Contributor Author

dvv commented May 27, 2013

Any pointers? TIA

@lvca
Copy link
Member

lvca commented May 27, 2013

So what's the problem? the double * and true?

@dvv
Copy link
Contributor Author

dvv commented May 27, 2013

Yep. And the result is CORS AJAX failing.
I scanned the sources but found no evident point where they may double.

@dvv
Copy link
Contributor Author

dvv commented Jun 6, 2013

Sorry to push, any chance to cope with this?

@lvca
Copy link
Member

lvca commented Jun 6, 2013

In order to fix it today and put in 1.4 can you help me to reproduce the problem?

@dvv
Copy link
Contributor Author

dvv commented Jun 6, 2013

Sure. As I reported in the original post -- Chrome 24, Windows -- AJAX call issues OPTIONS preflight. Here are the details:

Request URL:http://tvr-fs:2480/document/hypo/
Request Method:OPTIONS
Status Code:204 OK

Accept:*/*
Accept-Charset:UTF-8,*;q=0.5
Accept-Encoding:gzip,deflate,sdch
Accept-Language:ru-RU,ru;q=0.8,en-US;q=0.6,en;q=0.4
Access-Control-Request-Headers:accept, origin, authorization, content-type
Access-Control-Request-Method:POST
Connection:keep-alive
DNT:1
Host:tvr-fs:2480
Origin:http://tvr-fs
Referer:http://tvr-fs/hypo/
User-Agent:Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.17 (KHTML, like Gecko) Chrome/24.0.1312.57 Safari/537.17

Response

Access-Control-Allow-Credentials:true
Access-Control-Allow-Credentials:true
Access-Control-Allow-Headers:if-modified-since, content-type, authorization, x-requested-with
Access-Control-Allow-Methods:POST, GET, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin:*
Access-Control-Allow-Origin:*
Access-Control-Max-Age:1728000
Cache-Control:no-cache, no-store, max-age=0, must-revalidate
Connection:Keep-Alive
Content-Length:0
Content-Type:text/plain; charset=utf-8
Date:Tue Jun 04 14:51:51 MSK 2013
Pragma:no-cache
Server:OrientDB Server v.1.4.0-SNAPSHOT (build UNKNOWN@r${buildNumber}; 20130603-1811)
Set-Cookie:OSESSIONID=-; Path=/; HttpOnly

@dvv
Copy link
Contributor Author

dvv commented Jun 6, 2013

Stripped down test case: from a browser console do

$.ajax({type: 'POST', url: 'http://SERVER:2480/command/hypo/sql', data: 'select * from TABLE', headers: {authorization: 'basic YWRtaW46YWRtaW4='}})

@ghost ghost assigned lvca Jun 6, 2013
lvca added a commit that referenced this issue Jun 6, 2013
@lvca
Fixed issue #1494
cb420fd
@lvca lvca closed this as completed Jun 6, 2013
@dvv
Copy link
Contributor Author

dvv commented Jun 6, 2013

Excellent. Thank you!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@lvca lvca

Labels
None yet
Milestone
1.4.0
Development

No branches or pull requests
2 participants
@dvv @lvca