l2fprod opened a new issue #2478: If a web action emits CORS header but does not specify the "web-custom-options" annotation, it results in duplicate headers URL: https://github.com/apache/incubator-openwhisk/issues/2478 I have one action that I expose as a web action. The action returns: ``` { headers: { 'Access-Control-Allow-Origin': '*', 'Content-Type': 'application/json' }, body: new Buffer(JSON.stringify(result)).toString('base64') } ``` When doing a curl, I'm seeing this as the Access-Control-Allow-Origin: ``` < Access-Control-Allow-Origin: *,* ``` Notice the double star. It leads to an error when calling the web action with AJAX from Chrome. You get the error `XMLHttpRequest cannot load https://openwhisk.ng.bluemix.net/api/v1/web/mynamespace/default/fibonacci?iteration=500. The 'Access-Control-Allow-Origin' header contains multiple values '*,*', but only one is allowed. Origin 'http://deployment-options-tester.mybluemix.net' is therefore not allowed access.` I guess I wrote this action before OW started to emit default CORS headers (https://github.com/apache/incubator-openwhisk/blob/master/docs/webactions.md#options-requests) and before the introduction of the "web-custom-options" annotation. If I change my code to not emit the Access-Control-Allow-Origin then it works. OW should report a warning, or not set its default headers if I set them explicitly, or ignore mine. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
With regards, Apache Git Services
