Skip to content

SSVM should set correct headers on both HTTP and HTTPS #9366

New issue
New issue
Open
#9389
Open
SSVM should set correct headers on both HTTP and HTTPS#9366
#9389
Assignees
vladimirpetrov
Labels
priority: lowtype:improvement
Milestone
 
4.20.1
@salfers

Description

@salfers
salfers
opened on Jul 11, 2024
ISSUE TYPE
  • Bug Report
COMPONENT NAME
Secondary Storage VM
CLOUDSTACK VERSION
verified on 4.19.0.1
CONFIGURATION

n/a

OS / ENVIRONMENT

n/a

SUMMARY

For ISO and template uploads to work clients access the secondary storage VM, which is a different origin than the web UI. This only works if headers like Access-Control-Allow-Origin are set.

These headers are set here:

cloudstack/systemvm/debian/opt/cloud/bin/setup/secstorage.sh

Lines 53 to 78 in cea4801

if [ -z $USEHTTPS ] | $USEHTTPS ; then
if [ -f /etc/apache2/http.conf ]; then
rm -rf /etc/apache2/http.conf
fi
cat >/etc/apache2/https.conf <<HTTPS
RewriteEngine On
RewriteCond %{HTTPS} =on
RewriteCond %{REQUEST_METHOD} =POST
RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, OPTIONS"
Header always set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
HTTPS
else
if [ -f /etc/apache2/https.conf ]; then
rm -rf /etc/apache2/https.conf
fi
cat >/etc/apache2/http.conf <<HTTP
RewriteEngine On
RewriteCond %{REQUEST_METHOD} =POST
RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L]
Header always set Access-Control-Allow-Origin "*"
Header always set Access-Control-Allow-Methods "POST, OPTIONS"
Header always set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires"
HTTP
fi

(commit ac28571)

However depending on use.https.to.upload the headers will be set either only for http or only for https connections.
In our environment we have a load balancer in front of the SSVM, which handles SSL and forwards the connections over HTTP. The headers won't be set and all template/ISO uploads fail with an error.

I see no reason for this behavior and the headers should be simply be set for both protocols.
I can prepare a pull request with changes if you accept this idea.

Metadata

Metadata

Assignees

Labels

priority: lowtype:improvement

Type

No type

Projects

Apache CloudStack BugFest - Issues

Status

ready for Testing

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions