Infrastructure

I have noticed that CORS calls to resources that are cached via Apache caches sometimes return an error, for example:

Access to XMLHttpRequest at 'https://search-stage.test.dataone.org/cn/v2/node' from origin 'http://localhost:3000' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains the invalid value ''.

This error was also being returned from the DataONE metrics service, which uses an Apache cache.

The solution:

Add the Header merge Vary Origin directory to the CN Apache config, so that Apache will check the Origin header on each request. Without this, Apache will use the cached Origin from the last cache response. This cached origin may vary from the origin currently being sent with the new request.

I tested this solution on CN Stage, (and the metrics service), and it worked. I will update cn-buildout and the production CN