From 5a0826fdf9501d846ecfb96ee9b28f29fa5fcd14 Mon Sep 17 00:00:00 2001
From: Mahmood Ali
Date: Mon, 11 Nov 2019 14:41:51 +0000
Subject: [PATCH] Allow UI to query client directly Nomad web UI currently fails when querying client nodes for allocation state end endpoints, due to CORS policy. The issue is that CORS requests that are marked `withCredentials` need the http server to include a `Access-Control-Allow-Credentials` [1]. But Nomad Task Logs and filesystem requests include authenticating information and thus marked with `credentials=true`[2][3]. It's worth noting that the browser currently sends credentials and authentication token to servers anyway; it's just that the response is not made available to caller nomad ui javascript. For task logs specifically, nomad ui retries again by querying the web ui address (typically pointing to a nomad server) which will forward the request to the nomad client agent appropriately. [1] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Credentials [2] https://github.com/hashicorp/nomad/blob/101d0373eec5d58761d05e67e03f38916997a6d2/ui/app/components/task-log.js#L50 [3] https://github.com/hashicorp/nomad/blob/101d0373eec5d58761d05e67e03f38916997a6d2/ui/app/services/token.js#L25-L39
---
 command/agent/http.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
diff --git a/command/agent/http.go b/command/agent/http.go
index cb18c7f31..37d237f2c 100644
--- a/command/agent/http.go
+++ b/command/agent/http.go
@@ -41,9 +41,10 @@ var (
 // allowCORS sets permissive CORS headers for a handler
 allowCORS = cors.New(cors.Options{
- AllowedOrigins: []string{"*"},
- AllowedMethods: []string{"HEAD", "GET"},
- AllowedHeaders: []string{"*"},
+ AllowedOrigins: []string{"*"},
+ AllowedMethods: []string{"HEAD", "GET"},
+ AllowedHeaders: []string{"*"},
+ AllowCredentials: true,
 })
 )
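Review bot: `AllowCredentials: true` is added next to `AllowedOrigins: []string{"*"}` in the `allowCORS` options, so credentialed cross-origin reads are now allowed for every origin rather than for the UI origin alone. Browsers refuse a literal `Access-Control-Allow-Origin: *` on a credentialed request, so this either has no effect or, if the cors package echoes the request's Origin for the wildcard, lets any page the operator has open read responses that rely on ambient credentials (cookies, browser client certificates); which of the two applies depends on the vendored package version and is not visible here. I would replace the wildcard with the origins the UI is actually served from, e.g. `AllowedOrigins: uiOrigins,` (placeholder name for a list built from agent configuration), and add a test that sends a foreign `Origin` and asserts that no `Access-Control-Allow-Credentials` header comes back. The `var (` block begins above the hunk, so other users of `allowCORS` are not visible and should be checked against the same policy.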