Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

bug: CORS tests not finding existing values #186

Closed
SgtPooki opened this issue Dec 5, 2023 · 5 comments · Fixed by #207
Closed

bug: CORS tests not finding existing values #186

SgtPooki opened this issue Dec 5, 2023 · 5 comments · Fixed by #207

Comments

@SgtPooki
Copy link
Member

SgtPooki commented Dec 5, 2023

server is responding with content-range but test fails.

see: Error: Header 'Access-Control-Expose-Headers' expected to find 'Content-Range' in '[Location, Content-Range]'

Full output of test run 
Running tool: /Users/sgtpooki/.asdf/installs/golang/1.20.6/go/bin/go test -timeout 30s -run ^TestCors/GET_Responses_from_Gateway_should_include_CORS_headers_allowing_JS_from_other_origins_to_read_the_data_cross-origin./Header_Access-Control-Expose-Headers$ github.com/ipfs/gateway-conformance/tests

2023-12-05T11:46:26.255-0800    DEBUG   conformance     test/config.go:50       GatewayURL: http://127.0.0.1:8090
2023-12-05T11:46:26.256-0800    DEBUG   conformance     test/config.go:52       SubdomainGatewayURL: helia-http-gateway.localhost
2023-12-05T11:46:26.256-0800    DEBUG   conformance     test/config.go:53       SubdomainGatewayHost:
2023-12-05T11:46:26.256-0800    DEBUG   conformance     test/config.go:54       SubdomainGatewayScheme:
=== RUN   TestCors
    /Users/sgtpooki/code/work/protocol.ai/ipfs/gateway-conformance/tests/path_gateway_cors_test.go:12: --- META: {"group":"CORS"}
=== RUN   TestCors/GET_Responses_from_Gateway_should_include_CORS_headers_allowing_JS_from_other_origins_to_read_the_data_cross-origin.
2023-12-05T11:46:26.257-0800    DEBUG   conformance     test/run.go:101 Querying http://127.0.0.1:8090/ipfs/bafkqabtimvwgy3yk/
=== RUN   TestCors/GET_Responses_from_Gateway_should_include_CORS_headers_allowing_JS_from_other_origins_to_read_the_data_cross-origin./Header_Access-Control-Expose-Headers
    /Users/sgtpooki/code/work/protocol.ai/ipfs/gateway-conformance/tests/run.go:53:
        Name: GET Responses from Gateway should include CORS headers allowing JS from other origins to read the data cross-origin.
        Hint:

        Error: Header 'Access-Control-Expose-Headers' expected to find 'Content-Range' in '[Location, Content-Range]'

        Expected Request:
        {
          "method": "GET",
          "path": "/ipfs/bafkqabtimvwgy3yk/"
        }

        Actual Request:
        GET /ipfs/bafkqabtimvwgy3yk/ HTTP/1.1
        Host: 127.0.0.1:8090
        User-Agent: Go-http-client/1.1
        Accept-Encoding: gzip



        Expected Response:
        {
          "headers": [
            {
              "key": "Access-Control-Allow-Origin",
              "check": {}
            },
            {
              "key": "Access-Control-Allow-Methods",
              "check": {}
            },
            {
              "key": "Access-Control-Allow-Headers",
              "check": {}
            },
            {
              "key": "Access-Control-Expose-Headers",
              "check": {}
            }
          ]
        }

        Actual Response:
        HTTP/1.1 301 Moved Permanently
        Access-Control-Allow-Origin: *
        Access-Control-Expose-Headers: Location, Content-Range
        Connection: keep-alive
        Date: Tue, 05 Dec 2023 19:46:26 GMT
        Keep-Alive: timeout=72
        Location: //bafkqabtimvwgy3yk.ipfs.127.0.0.1:8090/
        Vary: Origin
        Content-Length: 0



--- FAIL: TestCors/GET_Responses_from_Gateway_should_include_CORS_headers_allowing_JS_from_other_origins_to_read_the_data_cross-origin./Header_Access-Control-Expose-Headers (0.00s)
--- FAIL: TestCors/GET_Responses_from_Gateway_should_include_CORS_headers_allowing_JS_from_other_origins_to_read_the_data_cross-origin. (0.00s)
--- FAIL: TestCors (0.00s)
FAIL
FAIL    github.com/ipfs/gateway-conformance/tests       0.154s
@SgtPooki
Copy link
Member Author

SgtPooki commented Dec 5, 2023
edited
Loading

Also fails when I return:

  • Access-Control-Expose-Headers: Location,Content-Range
  • Access-Control-Expose-Headers: Location, Content-Range

@SgtPooki
Copy link
Member Author

SgtPooki commented Dec 5, 2023

allow-methods is also failing: Error: Header 'Access-Control-Allow-Methods' expected to find 'GET' in '[GET, PUT, PATCH, POST, DELETE, OPTIONS]'

@SgtPooki
Copy link
Member Author

SgtPooki commented Dec 5, 2023

Also, the CORS tests seem to be requesting preflight headers on non-preflight requests, so I had to disable some things in @fastify/cors at https:/fastify/fastify-cors/blob/ec470fcc810b386d90abef47cd55f281d0d7bc2d/index.js#L178-L201

@SgtPooki SgtPooki changed the title bug: CORS test for expose-headers "content-range" check bug: CORS tests not finding existing values Dec 5, 2023
@laurentsenta
Copy link
Contributor

Nice catch; this is caused by #21

FWIW, with helia being the first gateway not based on the go stack, you might hit other issues related to universality: #121.

@SgtPooki
Copy link
Member Author

FYI i've got conformance tests running in verified-fetch now (see ipfs/helia-verified-fetch#67) and this is still occurring.

cc @lidel @hacdias

=== RUN   TestCors/GET_Responses_from_Gateway_should_include_CORS_headers_allowing_JS_from_other_origins_to_read_the_data_cross-origin./Header_Access-Control-Allow-Headers

    run.go:53: 
        Name: GET Responses from Gateway should include CORS headers allowing JS from other origins to read the data cross-origin.
        Hint: 
        
        Error: Header 'Access-Control-Allow-Headers' expected to find 'Content-Type' in '[Content-Type, Range, User-Agent, X-Requested-With]'
        
        Expected Request:
        {
          "method": "GET",
          "path": "/ipfs/bafkqabtimvwgy3yk/"
        }
        
        Actual Request:
        GET /ipfs/bafkqabtimvwgy3yk/ HTTP/1.1
        Host: host.docker.internal:3442
        User-Agent: Go-http-client/1.1
        Accept-Encoding: gzip
        
        
        
        Expected Response:
        {
          "headers": [
            {
              "key": "Access-Control-Allow-Origin",
              "check": {}
            },
            {
              "key": "Access-Control-Allow-Methods",
              "check": {}
            },
            {
              "key": "Access-Control-Allow-Headers",
              "check": {}
            },
            {
              "key": "Access-Control-Expose-Headers",
              "check": {}
            }
          ]
        }
        
        Actual Response:
        HTTP/1.1 200 OK
        Transfer-Encoding: chunked
        Accept-Ranges: bytes
        Access-Control-Allow-Headers: Content-Type, Range, User-Agent, X-Requested-With
        Access-Control-Allow-Methods: GET, HEAD, OPTIONS
        Access-Control-Allow-Origin: *
        Cache-Control: public, max-age=29030400, immutable
        Connection: keep-alive
        Content-Type: text/html; charset=utf-8
        Date: Tue, 30 Apr 2024 23:47:29 GMT
        Etag: "bafkqabtimvwgy3yk"
        Keep-Alive: timeout=5
        X-Ipfs-Path: /ipfs/bafkqabtimvwgy3yk

@SgtPooki SgtPooki mentioned this issue May 1, 2024
Open
SgtPooki added a commit that referenced this issue May 16, 2024
@SgtPooki
test: add test to verify bug
8a4233d 
Shows the problem mentioned in #186
@SgtPooki SgtPooki mentioned this issue May 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: Header().Has works properly for checking multiple values ipfs/gateway-conformance
2 participants
@laurentsenta @SgtPooki