Bug 1599259
Summary: | Getting CORS error while creating quotas via javascript | |||
---|---|---|---|---|
Product: | Red Hat CloudForms Management Engine | Reporter: | Nikhil Gupta <ngupta> | |
Component: | API | Assignee: | Joe Vlcek <jvlcek> | |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Parthvi Vala <pvala> | |
Severity: | high | Docs Contact: | ||
Priority: | high | |||
Version: | 5.9.0 | CC: | cpelland, dmetzger, gtanzill, hkataria, jprause, jvlcek, lavenel, lgalis, mfeifer, mpovolny, ngupta, obarenbo, pvala, simaishi | |
Target Milestone: | GA | Keywords: | TestOnly, ZStream | |
Target Release: | 5.10.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | 5.10.0.23 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 1646606 | Environment: | |
Last Closed: | 2019-02-11 14:03:08 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | CFME Core | Target Upstream Version: | ||
Embargoed: | ||||
Bug Depends On: | ||||
Bug Blocks: | 1595269, 1646606 |
Description
Nikhil Gupta
2018-07-09 10:31:31 UTC
Can you please try to recreate this issue outside of the js code you've included? It's not clear if this is an issue with the API or the js that is calling it. Thanks!

Hi Greg,

Thank you for your reply.

I am able to create the tenant and quota via the API on my test system, and the status is 200 OK. I have created them as follows:

~~~
### Tenant create ###
{
  "action" : "create",
  "resource" : {
    "name": "tenantapi",
    "description": "Tenant for api",
    "parent": {"id": "99000000000001"}
  }
}

### Quota create ###
{
  "action" : "create",
  "resources" : [
    { "name" : "cpu_allocated", "value" : 1 },
    { "name": "mem_allocated", "value": 2147483648000 }
  ]
}
~~~

However, the customer is facing this issue with js. He is able to create the tenant and groups via js but is facing a CORS error while creating quotas.

The /api/tenants/:id/quotas is not returning correct headers. All we have to do is opt-in to CORS requests on cfme API server by returning the proper headers based on the request.

Regards,
Niks

New commit detected on ManageIQ/manageiq-api/master:
https://github.com/ManageIQ/manageiq-api/commit/5edf913e6ae26c3a6f5f6bb9836c1d2776fbb52d

commit 5edf913e6ae26c3a6f5f6bb9836c1d2776fbb52d
Author: Joe VLcek <jvlcek>
AuthorDate: Tue Oct 16 14:41:38 2018 -0400
Commit: Joe VLcek <jvlcek>
CommitDate: Tue Oct 16 14:41:38 2018 -0400

    Add subcollection options support for CORS prefilghted requests

    https://bugzilla.redhat.com/show_bug.cgi?id=1599259

 app/controllers/api/base_controller.rb | 6 +-
 config/routes.rb | 3 +
 spec/requests/tenant_quotas_spec.rb | 6 +
 3 files changed, 14 insertions(+), 1 deletion(-)

New commit detected on ManageIQ/manageiq-api/hammer:
https://github.com/ManageIQ/manageiq-api/commit/9b4e42018e90d95bc0d46cfe970859ee82386146

commit 9b4e42018e90d95bc0d46cfe970859ee82386146
Author: Alberto Bellotti <abellotti.github.com>
AuthorDate: Thu Oct 18 16:14:04 2018 -0400
Commit: Alberto Bellotti <abellotti.github.com>
CommitDate: Thu Oct 18 16:14:04 2018 -0400

    Merge pull request #495 from jvlcek/bz_1599259_CORS

    Add subcollection options support for CORS prefilghted requests

    (cherry picked from commit 3502e51181ce92c28866a4626fdfadf0d31bd591)

    https://bugzilla.redhat.com/show_bug.cgi?id=1599259

 app/controllers/api/base_controller.rb | 6 +-
 config/routes.rb | 3 +
 spec/requests/tenant_quotas_spec.rb | 6 +
 3 files changed, 14 insertions(+), 1 deletion(-)

FIXED. Verified on 5.10.0.24.20181113213923_03b81fd.

Steps taken to verify the BZ:

1) Create `tenant` using API.

Request: POST /api/tenants
Query:

~~~
{
  "name" : "Test Tenant",
  "description" : "Test Tenant Description",
  "parent" : { "href" : "http://<ip_address>/api/tenants/:id" }
}
~~~

2) Create quota for the tenant.

Request: POST /api/tenants/:id/quotas
Query:

~~~
{
  "name" : "cpu_allocated",
  "value" : 1
}
~~~

3) Send `OPTIONS` to /api/tenants/:id/quotas and check HEADER.

HEADERS:

~~~
Date: Wed, 21 Nov 2018 07:08:21 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_auth_gssapi/1.5.1 mod_auth_kerb/5.4
Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, content-type, authorization, x-auth-token
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Type: application/json; charset=utf-8
Content-Security-Policy: default-src 'self'; connect-src 'self'; frame-src 'self'; script-src 'unsafe-eval' 'unsafe-inline' 'self'; style-src 'unsafe-inline' 'self'; report-uri /dashboard/csp_report
Strict-Transport-Security: max-age=631152000
X-Content-Type-Options: nosniff
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 1; mode=block
Cache-Control: no-cache
X-Request-Id: d0a3cbba-1c51-4781-a695-903088ec8bc6
X-Runtime: 0.013794
Content-Length: 0
~~~

These are headers from the request sent to a 5.9.2 appliance.

~~~
Date: Wed, 21 Nov 2018 07:08:54 GMT
Server: Apache/2.4.6 (Red Hat Enterprise Linux) OpenSSL/1.0.2k-fips mod_auth_kerb/5.4
Content-Type: text/html; charset=utf-8
X-Request-Id: 4fdae38a-5977-4244-918f-e4a0b966be6f
X-Runtime: 0.003523
Content-Length: 728
~~~

This was not verified via AJAX Request. I checked via CURL and verified that `Access-Control-Allow-Origin` was present in the HEADER of OPTIONS request sent to a 5.10.0.24 appliance, which was earlier not present in the HEADER of OPTIONS request sent to a 5.9.2 appliance.
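
Added example, not part of the bug thread or of ManageIQ's code: a simplified version of the header-level check a browser applies to a preflight response, run over the two `OPTIONS` header sets quoted above. The origin and the request's header list are constructed assumptions; the response status lines are not on the page, so status is not checked.

```javascript
// Header subsets copied from the verification comment in this bug.
const FIXED_5_10 = `Access-Control-Allow-Origin: *
Access-Control-Allow-Headers: origin, content-type, authorization, x-auth-token
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, PATCH, OPTIONS
Content-Length: 0`;
const OLD_5_9_2 = `Content-Type: text/html; charset=utf-8
Content-Length: 728`;

// Parse "Name: value" lines into a Map keyed by lower-cased header name.
function parseHeaders(text) {
  const headers = new Map();
  for (const line of text.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i > 0) headers.set(line.slice(0, i).trim().toLowerCase(), line.slice(i + 1).trim());
  }
  return headers;
}

// Split a comma-separated header value into lower-cased tokens.
const tokens = (v) => (v || "").split(",").map((t) => t.trim().toLowerCase()).filter(Boolean);

// Header-level preflight decision for a request sent without cookies (simplified:
// names compared case-insensitively, response status not checked).
function checkPreflight(headers, { origin, method, requestHeaders }) {
  const allowOrigin = headers.get("access-control-allow-origin");
  if (!allowOrigin) return { allowed: false, reason: "missing Access-Control-Allow-Origin" };
  if (allowOrigin !== "*" && allowOrigin !== origin)
    return { allowed: false, reason: "origin not allowed" };

  const m = method.toLowerCase();
  const methods = tokens(headers.get("access-control-allow-methods"));
  // GET, HEAD and POST are CORS-safelisted and need no explicit listing.
  if (!["get", "head", "post"].includes(m) && !methods.includes(m) && !methods.includes("*"))
    return { allowed: false, reason: `method ${method} not allowed` };

  const allowed = tokens(headers.get("access-control-allow-headers"));
  for (const name of requestHeaders.map((h) => h.toLowerCase())) {
    // "*" never covers Authorization; it must be listed by name.
    if (!allowed.includes(name) && !(allowed.includes("*") && name !== "authorization"))
      return { allowed: false, reason: `request header ${name} not allowed` };
  }
  return { allowed: true, reason: "preflight passes" };
}

// Constructed request: JSON POST with an Authorization header from an assumed origin.
const quotaRequest = { origin: "https://portal.example.com", method: "POST",
  requestHeaders: ["content-type", "authorization"] };
console.log(checkPreflight(parseHeaders(FIXED_5_10), quotaRequest).reason);
console.log(checkPreflight(parseHeaders(OLD_5_9_2), quotaRequest).reason);
```

The 5.10 response returns `Access-Control-Allow-Origin: *`, so this check passes for any origin; access to the API then rests on the `authorization` or `x-auth-token` value the caller supplies.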