Description
We just encountered a strange CORS bug that that we found a solution to. Our solution is this git commit:
diff --git a/prism_orchestrator_server/router.py b/prism_orchestrator_server/router.py
index 58dfd83..34262f7 100644
--- a/prism_orchestrator_server/router.py
+++ b/prism_orchestrator_server/router.py
@@ -106,6 +106,15 @@ def register_routes(container):
visual_classes = router.add_resource("/visual-classes/")
visual_classes.add_route("GET", resources["visual_classes"].index)
+ visual_class_merge = router.add_resource("/visual-classes/merge")
+ visual_class_merge.add_route("PUT", resources["visual_classes"].merge)
+
+ visual_class_move = router.add_resource("/visual-classes/move")
+ visual_class_move.add_route("PUT", resources["visual_classes"].move)
+
+ visual_class_extract = router.add_resource("/visual-classes/extract")
+ visual_class_extract.add_route("PUT", resources["visual_classes"].extract)
+
visual_class = router.add_resource("/visual-classes/{visual_class_id}")
visual_class.add_route("GET", resources["visual_classes"].get)
@@ -119,15 +128,6 @@ def register_routes(container):
)
visual_class_history.add_route("GET", resources["visual_classes"].get_history)
- visual_class_merge = router.add_resource("/visual-classes/merge")
- visual_class_merge.add_route("PUT", resources["visual_classes"].merge)
-
- visual_class_move = router.add_resource("/visual-classes/move")
- visual_class_move.add_route("PUT", resources["visual_classes"].move)
-
- visual_class_extract = router.add_resource("/visual-classes/extract")
- visual_class_extract.add_route("PUT", resources["visual_classes"].extract)
-
router.add_route("GET", "/instances", redirect_perm("/instances/"))
router.add_route("POST", "/instances", redirect_perm("/instances/"))
instances = router.add_resource("/instances/")
Basically the problem was that /visual-classes/merge, /visual-classes/move and /visual-classes/extract routes were defined after /visual-classes/{visual_class_id}, and while aiohttp was able to handle this routing order with no problems, it appears that aiohttp-cors cannot.
That is aiohttp-cors fixes the GET for /visual-classes/{visual_class_id} and later when I try to enable CORS for /visual-classes/merge for PUT, it doesn't work, because it thinks that GET cors options have already been set for /visual-classes/{visual_class_id}.
After some debugging. The only solution was to move the more specific routes on top of the generic route. And then CORS worked beautifully.
I think this is a bug in aiohttp-cors, and it's particularly nasty because it's very silent, and when you think aiohttp routing works fine, but cors doesn't, it can be difficult to realize this.