Closed
Bug 1048405
Opened 10 years ago
Closed 10 years ago
esFrontline returns a 400 when doing a HEAD request on /
Categories
(Testing :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: jlorenzo, Unassigned)
References
(Blocks 1 open bug)
Details
Attachments
(2 files)
|
192.58 KB,
image/png
|
Details | |
|
2.03 KB,
patch
|
st3fan
:
review+
|
Details | Diff | Splinter Review |
Requests made - Firefox dev tools screenshot
I am trying to connect to the elasticsearch database via the official JS client: https://github.com/elasticsearch/elasticsearch-js/. My objective is to make a POST request on /public_bugs/bug_version/_search. When this library tries to connect to a database with HTTPS, it makes an OPTIONS request on the resource (/public_bugs/bug_version/_search) which returns 'Allow:"POST, HEAD, OPTIONS, GET"'. Then that library crafts a HEAD request on / but the server returns a 400 which immediately stops the library. See attached screenshot for details. This issue has been found with elasticsearch-js running in the browser as an AngularJS module. It has been tested on Firefox beta, nightly and the latest Chrome. I don't thing this is an issue with elasticsearch-js or its integration in AngularJS. In fact, with the same configuration, if you connect to the VPN and use the regular HTTP connection, the library is working again. With the same configuration, if you disconnect from the VPN and you host your own HTTPS reverse proxy to your own elasticsearch database, the library is working as expected. As tested with my own HTTPS proxy, the only thing that is missing is the response to a HEAD request. No more request is done between the HEAD on / and the POST on /public_bugs/bug_version/_search.
|
||
Comment 1•10 years ago
|
||
Stefan, Do I need a security review to open up HEAD requests with the ESFrontline? In either case, may you please do the code review on my change (when I write it?) Thanks!
Flags: needinfo?(sarentz)
|
|
||
Comment 2•10 years ago
|
||
The diff can be seen on Github at: https://github.com/klahnakoski/esFrontLine/commit/748e5bc1642e17db67b845df99ffef4d525d4c27 The change is found on the add_head_handling branch: https://github.com/klahnakoski/esFrontLine/tree/add_head_handling I have a pull request to merge this branch: https://github.com/klahnakoski/esFrontLine/pull/5
Attachment #8468752 -
Flags: review?(sarentz)
|
||
Comment 3•10 years ago
|
||
Isn't the OPTIONS request that you see the browser doing a CORS Preflight Request? Are you handling CORS correctly? You may just have to set a few Access-Control-* headers instead of supporting HEAD.
Flags: needinfo?(sarentz)
|
|
||
Comment 4•10 years ago
|
||
I just read that the OPTIONS request is handled by the Flask infrastructure, so it is unsurprising esFrontLine may be handling it already. In theory, esFrontLine is setting the CORS header (https://github.com/klahnakoski/esFrontLine/blob/master/esFrontLine/app.py#L89), but Operations' infrastructure removes it, and adds it's own (which is set to *).
|
|
||
Comment 5•10 years ago
|
||
In any case, I looked at the code. I dont think it needs a full review. It looks fine.
|
|
||
Updated•10 years ago
|
Attachment #8468752 -
Flags: review?(sarentz) → review+
|
|
||
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
You need to log in
before you can comment on or make changes to this bug.
Description
•