1713939 - CORS headers not present on symbol files in S3

Status: UNCONFIRMED

(Tecken :: General, enhancement)

Description

[nornagon]

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.77 Safari/537.36

Steps to reproduce:

I'd like to be able to fetch .sym files from symbols.mozilla.org in a cross-origin (CORS) context, using fetch().

Actual results:

symbols.mozilla.org serves CORS headers, but redirects to S3, which does not serve CORS headers:

$ curl -v https://symbols.mozilla.org/try/kernelbase.pdb/CEE04301C8F251CA9E6E654BAF74F0B21/kernelbase.sym
[...]
< HTTP/1.1 302 Found
< Access-Control-Allow-Headers: accept,accept-encoding,authorization,content-type,dnt,origin,user-agent,x-csrftoken,x-requested-with
< Access-Control-Allow-Methods: GET
< Access-Control-Allow-Origin: *
[...]
< Location: https://s3.us-west-2.amazonaws.com/org.mozilla.crash-stats.symbols-public/v1/kernelbase.pdb/CEE04301C8F251CA9E6E654BAF74F0B21/kernelbase.sym?AWSAccessKeyId=[...]&Signature=[...]&Expires=[...]

$ curl -v 'https://s3.us-west-2.amazonaws.com/org.mozilla.crash-stats.symbols-public/v1/kernelbase.pdb/CEE04301C8F251CA9E6E654BAF74F0B21/kernelbase.sym?AWSAccessKeyId=[...]&Signature=[...]&Expires=[...]'
< HTTP/1.1 200 OK
< x-amz-id-2: AkbNH8HP5EIeiZuAofqvy52JByi6H6uuDcMZA59MNjg1elntAoqvAh+C0mM37LH7yD/l/1s1Xjk=
< x-amz-request-id: 6228XDVJ94F497E9
< Date: Tue, 01 Jun 2021 18:35:07 GMT
< Last-Modified: Thu, 18 Feb 2021 00:10:18 GMT
< x-amz-expiration: expiry-date="Sun, 19 Feb 2023 00:00:00 GMT", rule-id="first_ia_then_delete"
< ETag: "9692da038070b2a845331b4767702cc1"
< x-amz-meta-original_md5_hash: b724357a42355c0d94ef6a4c414e94bf
< x-amz-meta-original_size: 716713
< Content-Encoding: gzip
< x-amz-version-id: Ig0773dC6MTSPlYyc7afqbNGqatB80M6
< Accept-Ranges: bytes
< Content-Type: text/plain
< Content-Length: 127092
< Server: AmazonS3

Expected results:

I'd like for the response from S3 to have the header Access-Control-Allow-Origin: *

Comment 1

[Will Kahn-Greene [:willkg] ET needinfo? me]

Hi! Can you explain more about what you're working on that's doing the fetch()?

Comment 2

[nornagon]

Hey there :) I'm building a symbolicator that can work in the browser, i.e. a user can drag a minidump file into a web page and get a symbolicated crash in return. Based on https://github.com/luser/rust-minidump, modified to compile to WebAssembly.

Comment 3

[Gian-Carlo Pascutto [:gcp]]

I'm building a symbolicator that can work in the browser,

But why do you need our symbol server for this?

Comment 4

[nornagon]

@gcp because the symbol files need to come from somewhere :) The Mozilla symbol server is really useful for getting breakpad-formatted symbol files for system libraries. It's the only place I know that has a reasonably-complete repository of symbol files for macOS and Linux system libraries, in particular.

Comment 5

[Gian-Carlo Pascutto [:gcp]]

Understood. If you're planning to ship this widely, you should be aware that it's rate limited unless you have an API key (as hosting it does cost us money!)

Comment 6

[nornagon]

Good to know. I don't expect a huge amount of traffic, but I'll be happy to collaborate on ways to control costs if it becomes an issue!

Comment 7

[Will Kahn-Greene [:willkg] ET needinfo? me]

I'm removing this from the GCP migration project. We'll look at it afterwards.

Comment 8

[Sven Marnach :sven]

Attachment: [mozilla-it/webservices-infra] OBS-287, bug-1713939: Tecken GCS bucket setting changes (#2444)

Comment 9

[Sven Marnach :sven]

smarnach merged PR [mozilla-it/webservices-infra]: OBS-287, bug-1713939: Tecken GCS bucket setting changes (#2444) in b405311.

Comment 10

[Sven Marnach :sven]

This should be fixed for GCS buckets now, but it will take another few months until we migrated all data out of S3.