ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
n/a
OS / ENVIRONMENT
n/a
SUMMARY
For ISO and template uploads to work clients access the secondary storage VM, which is a different origin than the web UI. This only works if headers like Access-Control-Allow-Origin are set.
These headers are set here:
|
if [ -z $USEHTTPS ] | $USEHTTPS ; then |
|
if [ -f /etc/apache2/http.conf ]; then |
|
rm -rf /etc/apache2/http.conf |
|
fi |
|
cat >/etc/apache2/https.conf <<HTTPS |
|
RewriteEngine On |
|
RewriteCond %{HTTPS} =on |
|
RewriteCond %{REQUEST_METHOD} =POST |
|
RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L] |
|
Header always set Access-Control-Allow-Origin "*" |
|
Header always set Access-Control-Allow-Methods "POST, OPTIONS" |
|
Header always set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires" |
|
HTTPS |
|
else |
|
if [ -f /etc/apache2/https.conf ]; then |
|
rm -rf /etc/apache2/https.conf |
|
fi |
|
cat >/etc/apache2/http.conf <<HTTP |
|
RewriteEngine On |
|
RewriteCond %{REQUEST_METHOD} =POST |
|
RewriteRule ^/upload/(.*) http://127.0.0.1:8210/upload?uuid=\$1 [P,L] |
|
Header always set Access-Control-Allow-Origin "*" |
|
Header always set Access-Control-Allow-Methods "POST, OPTIONS" |
|
Header always set Access-Control-Allow-Headers "x-requested-with, content-type, origin, authorization, accept, client-security-token, x-signature, x-metadata, x-expires" |
|
HTTP |
|
fi |
(commit
ac28571)
However depending on use.https.to.upload the headers will be set either only for http or only for https connections.
In our environment we have a load balancer in front of the SSVM, which handles SSL and forwards the connections over HTTP. The headers won't be set and all template/ISO uploads fail with an error.
I see no reason for this behavior and the headers should be simply be set for both protocols.
I can prepare a pull request with changes if you accept this idea.
ISSUE TYPE
COMPONENT NAME
CLOUDSTACK VERSION
CONFIGURATION
n/a
OS / ENVIRONMENT
n/a
SUMMARY
For ISO and template uploads to work clients access the secondary storage VM, which is a different origin than the web UI. This only works if headers like
Access-Control-Allow-Originare set.These headers are set here:
cloudstack/systemvm/debian/opt/cloud/bin/setup/secstorage.sh
Lines 53 to 78 in cea4801
(commit ac28571)
However depending on
use.https.to.uploadthe headers will be set either only for http or only for https connections.In our environment we have a load balancer in front of the SSVM, which handles SSL and forwards the connections over HTTP. The headers won't be set and all template/ISO uploads fail with an error.
I see no reason for this behavior and the headers should be simply be set for both protocols.
I can prepare a pull request with changes if you accept this idea.