cloudstack icon indicating copy to clipboard operation
cloudstack copied to clipboard
verified publisher icon apache

SSVM should set correct headers on both HTTP and HTTPS

Open salfers opened this issue 1 year ago • 1 comments

ISSUE TYPE
  • Bug Report
COMPONENT NAME
Secondary Storage VM
CLOUDSTACK VERSION
verified on 4.19.0.1
CONFIGURATION

n/a

OS / ENVIRONMENT

n/a

SUMMARY

For ISO and template uploads to work clients access the secondary storage VM, which is a different origin than the web UI. This only works if headers like Access-Control-Allow-Origin are set.

These headers are set here: https://github.com/apache/cloudstack/blob/cea4801be180c4e54a16e0553c8f393c70055412/systemvm/debian/opt/cloud/bin/setup/secstorage.sh#L53-L78 (commit ac2857158d8b00218cfe5217976e138b469096ad)

However depending on use.https.to.upload the headers will be set either only for http or only for https connections. In our environment we have a load balancer in front of the SSVM, which handles SSL and forwards the connections over HTTP. The headers won't be set and all template/ISO uploads fail with an error.

I see no reason for this behavior and the headers should be simply be set for both protocols. I can prepare a pull request with changes if you accept this idea.

salfers avatar Jul 11 '24 08:07 salfers

Sounds good @salfers , we just need to check backwards compatibility but I foresee no problems

DaanHoogland avatar Jul 11 '24 14:07 DaanHoogland