Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[BUG] Browser unable to parse response headers from ExtensionRestResponse #167

Open
mzainab24 opened this issue Jul 2, 2024 · 7 comments
Labels
bug Something isn't working

Comments

@mzainab24
Copy link

What is the bug?

While using the extension, I connected my python extension with a React frontend to send requests through a browser. My frontend and backend were both running on localhost but on different ports. So the browser gave me a CORS error “no ‘access-control-allow-origin’ header is present on the requested resource” error.
Upon trying to solve this error and get the response on the browser, I tried adding the required response headers that are suggested to solve the CORS error.
My response header object looks as the following and my response object is of the type ExtensionRestResponse.

        #headers: dict[str, list[str]] = dict()
        response_headers = {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Headers": "Content-Type,Authorization",
        "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,OPTIONS",
        } 

However, the browser does not parse the headers correctly, since the type of headers in the class ExtensionRestResponse is "headers: dict[str, list[str]] = dict(),"

Screenshot 2024-07-02 091827

So on the browser, the headers are always parsed as a list of strings.

Screenshot 2024-07-02 091610
Screenshot 2024-07-02 091629

And hence the browser cannot find the appropriate response headers to resolve the CORS issue.
I added the Chrome extension "Allow CORS: Access-Control-Allow-Origin" to make the requests temporarily working.

How can one reproduce the bug?

Add the above response headers in a sample request-response and the list could be seen from the console too.

Screenshot 2024-07-02 091443

What is the expected behavior?

The request should give the CORS error “no ‘access-control-allow-origin’ header is present on the requested resource” on the browser.
Screenshot 2024-07-02 092449

What is your host/environment?

Backend running on:
Distributor ID: Ubuntu
Description: Ubuntu 22.04.4 LTS
Release: 22.04
Architecture: x86-64
Frontend accessed from:
OS Name: Microsoft Windows 11 Pro
OS Version: 10.0.22631 N/A Build 22631
Browser: Google Chrome Version 126.0.6478.114 (Official Build) (64-bit)

Do you have any screenshots?

If applicable, add screenshots to help explain your problem.

Do you have any additional context?

Add any other context about the problem.

@mzainab24 mzainab24 added bug Something isn't working untriaged Issues that require attention from the maintainers. labels Jul 2, 2024
@dbwiddis
Copy link
Member

dbwiddis commented Jul 3, 2024

@mzainab24 this is a good point to note that I was new to Python when I wrote this code and clearly made an error here. I'll look into it over this long weekend. :|

@dbwiddis dbwiddis removed the untriaged Issues that require attention from the maintainers. label Jul 3, 2024
@dblock
Copy link
Member

dblock commented Jul 3, 2024

@mzainab24 We'd love your help fixing these bugs, too! Don't let @dbwiddis pick it all up :)

@mzainab24
Copy link
Author

mzainab24 commented Jul 4, 2024

@dblock and @dbwiddis sure, thanks. I will try to fix it too and post the solution. :)
I also had similar problem with requests. My requests that took longer would always end up being timed out by the extension without receiving a response since the process to provide to response would still be running at the back but the extension would return a timeout. And I couldn't add timeout headers in the request.

@dbwiddis
Copy link
Member

dbwiddis commented Jul 5, 2024

My response header object looks as the following and my response object is of the type ExtensionRestResponse.

        #headers: dict[str, list[str]] = dict()
        response_headers = {
        "Access-Control-Allow-Origin": "*",
        "Access-Control-Allow-Headers": "Content-Type,Authorization",
        "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,OPTIONS",
        } 

Have you tried this?

        response_headers = {
        "Access-Control-Allow-Origin": ["*"],
        "Access-Control-Allow-Headers": ["Content-Type", "Authorization"],
        "Access-Control-Allow-Methods": ["GET", "PUT", "POST", "DELETE", "OPTIONS"],
        } 

Or, alternately

        #headers: dict[str, list[str]] = dict()
        response_headers = {
        "Access-Control-Allow-Origin": "*".split(','),
        "Access-Control-Allow-Headers": "Content-Type,Authorization".split(','),
        "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,OPTIONS".split(','),
        } 

@mzainab24
Copy link
Author

@dbwiddis yes, the CORS error still holds.

@dbwiddis
Copy link
Member

dbwiddis commented Jul 5, 2024

@mzainab24 I need a bit more clarity on where you are interacting with the extension via your browser.

The type dict[str, list[str]] is meant to exactly match the OpenSearch RestResponse type for headers:

private Map<String, List<String>> customHeaders;

Extensions normally don't reply to HttpClients directly, those clients hit OpenSearch, and the RestRequest is serialized to the extension, and an appropriate RestResponse is serialized back. The transport layer serialization is expecting exactly this format; iterating over a list to call addHeader() on the responses, and it's sent in an OutboundMessageResponse by the ExtensionRestRequestHandler. It's later used by OpenSearch in the RestChannel where it expects a Map<String, List<String>> of custom headers and adds its own headers to it.

Extensions in general (and thus this Python implementation) don't maintain their own incoming Rest Handlers; all their incoming communication is over transport.

So I am not sure there is any bug, and if you're trying to use a Python Rest Server to handle things, you need to do similar things as the OpenSearch RestChannel to parse headers to/from this data type.

@dblock
Copy link
Member

dblock commented Jul 9, 2024

@mzainab24 The explanation above boils down to the fact that your browser should be talking to the OpenSearch server instance on its port, not to anything the extension exposes.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

No branches or pull requests

3 participants