Project

General

Profile

Bug #8861

CORS issues with Apache caches

Added by Lauren Walker almost 4 years ago. Updated almost 4 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Category:
d1_cn_buildout
Target version:
-
Start date:
2020-04-22
Due date:
% Done:

100%

Milestone:
None
Product Version:
*
Story Points:
Sprint:

Description

I have noticed that CORS calls to resources that are cached via Apache caches sometimes return an error, for example:

Access to XMLHttpRequest at 'https://search-stage.test.dataone.org/cn/v2/node' from origin 'http://localhost:3000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value ''.

This error was also being returned from the DataONE metrics service, which uses an Apache cache.

The solution:

Add the Header merge Vary Origin directory to the CN Apache config, so that Apache will check the Origin header on each request. Without this, Apache will use the cached Origin from the last cache response. This cached origin may vary from the origin currently being sent with the new request.

I tested this solution on CN Stage, (and the metrics service), and it worked. I will update cn-buildout and the production CN

History

#1 Updated by Lauren Walker almost 4 years ago

  • % Done changed from 30 to 100
  • Status changed from In Progress to Closed

Also available in: Atom PDF

Add picture from clipboard (Maximum size: 14.8 MB)