subject:"Re\: \[tor\-bugs\] #22062 \[Metrics\/Onionoo\]\: Bad requests do not add the Access\-Control\-Allow\-Origin header"

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

2019-11-01 Thread Tor Bug Tracker & Wiki

#22062: Bad requests do not add the Access-Control-Allow-Origin header
-+--
 Reporter:  cypherpunks  |  Owner:  metrics-team
 Type:  defect   | Status:  needs_review
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  metrics-2018 |  Actual Points:
Parent ID:   | Points:
 Reviewer:  irl  |Sponsor:
-+--
Changes (by karsten):

 * status:  new => needs_review
 * reviewer:   => irl


Comment:

 Okay, I spent way more time on this than I should have. Here's what I
 found out:

 We can indeed set the `Access-Control-Allow-Origin *` header at the top of
 `doGet`:

 {{{
 diff --git
 a/src/main/java/org/torproject/metrics/onionoo/server/ResourceServlet.java
 b/src/main/java/org/torproject/metrics/onionoo/server/ResourceServlet.java
 index 0fee44b..b46c465 100644
 ---
 a/src/main/java/org/torproject/metrics/onionoo/server/ResourceServlet.java
 +++
 b/src/main/java/org/torproject/metrics/onionoo/server/ResourceServlet.java
 @@ -96,6 +96,8 @@ public class ResourceServlet extends HttpServlet {
HttpServletResponseWrapper response, long receivedRequestMillis)
throws IOException {

 +response.setHeader("Access-Control-Allow-Origin", "*");
 +
  if (this.maintenanceMode) {
response.sendError(HttpServletResponse.SC_SERVICE_UNAVAILABLE);
return;
 @@ -408,7 +410,6 @@ public class ResourceServlet extends HttpServlet {
  ((CACHE_MAX_TIME - indexAgeMillis)
  / CACHE_INTERVAL) * CACHE_INTERVAL);

 -response.setHeader("Access-Control-Allow-Origin", "*");
  response.setContentType("application/json");
  response.setCharacterEncoding("utf-8");
  response.setHeader("Cache-Control", "public, max-age="
 }}}

 The effect is that all requests being handled by this servlet class will
 have that header, regardless of response code. This includes URLs starting
 with `/summary`, `/details`, `/bandwidth`, `/weights`, `/clients`, and
 `/uptime`. It does not, however, apply for other resources including typos
 of those URLs.

 The same does not work for cache headers. These are overwritten when we
 call `sendError()`, and I don't see an easy way to prevent that from
 happening. Maybe a filter or another handler or whatever Jetty has for
 such cases. Unfortunately, I don't know Jetty well enough to configure
 this, and I lack the time to find out.

 My suggestion would be that we move the `Access-Control-Allow-Origin *`
 header at the top of `doGet` as seen in the diff above and leave caching
 unchanged. How does this sound?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

2019-11-09 Thread Tor Bug Tracker & Wiki

#22062: Bad requests do not add the Access-Control-Allow-Origin header
-+--
 Reporter:  cypherpunks  |  Owner:  metrics-team
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:  metrics-2018 |  Actual Points:
Parent ID:   | Points:
 Reviewer:  irl  |Sponsor:
-+--
Changes (by karsten):

 * status:  needs_review => closed
 * resolution:   => fixed


Comment:

 I'm about to put out a new Onionoo release, and I'm going to include this
 really minor change there. We can look into headers and caching in #32065.
 Merging and closing. Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

2017-05-09 Thread Tor Bug Tracker & Wiki

#22062: Bad requests do not add the Access-Control-Allow-Origin header
-+--
 Reporter:  cypherpunks  |  Owner:  metrics-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by karsten):

 Before I try out whether this works and what it might break in unexpected
 ways: what's the use case for including these headers in responses to bad
 requests?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

2017-05-10 Thread Tor Bug Tracker & Wiki

#22062: Bad requests do not add the Access-Control-Allow-Origin header
-+--
 Reporter:  cypherpunks  |  Owner:  metrics-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by cypherpunks):

 Replying to [comment:1 karsten]:
 > Before I try out whether this works and what it might break in
 unexpected ways: what's the use case for including these headers in
 responses to bad requests?
 I can't speak about the Cache-Control header but including the Access-
 Control-Allow-Origin header for responses to bad requests would allow
 browsers to fully load the response and prevent CORS errors from showing
 up in the console.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

2017-11-26 Thread Tor Bug Tracker & Wiki

#22062: Bad requests do not add the Access-Control-Allow-Origin header
-+--
 Reporter:  cypherpunks  |  Owner:  metrics-team
 Type:  defect   | Status:  new
 Priority:  Medium   |  Milestone:
Component:  Metrics/Onionoo  |Version:
 Severity:  Normal   | Resolution:
 Keywords:  metrics-2018 |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+--

Comment (by irl):

 This would be required for #8667.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

Re: [tor-bugs] #22062 [Metrics/Onionoo]: Bad requests do not add the Access-Control-Allow-Origin header

5 matches

Site Navigation

Mail list logo

Footer information