-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORS policy issue when retrieving bitstream through Angular #2962
Comments
@jonas-atmire and @MarieVerdonck : I've looked at this a bit today, and it looks like the backend code to download Bitstreams is completely bypassing Spring Security (and writing its own custom response). This is why none of the CORS headers are returned (as those are dynamically inserted into the response by Spring Security). The To me, the problem looks like it's with the MultipartFileSender, which bypasses Spring classes (like Later in that exact same StackOverflow question it's noted that Spring Boot now is able to handle similar Range requests automatically on its own: https://stackoverflow.com/a/63393094 (And I found a similar answer here https://stackoverflow.com/a/54615714 which links back to the internal code in Spring to manage sending back partial content from a Resource). So, my suspicion is the behavior seen from Angular is because this one endpoint is not using any standard Spring tooling. We'd either need to work to update this based on Spring Boot (i.e. perhaps gutting or removing much of the logic of For completion, the reason I think this is endpoint specific is the following:
|
Replaced by #2983 |
Describe the bug
During the implementation of the Angular counterpart of the scripts and processes output, @MarieVerdonck noticed the following error when retrieving the output bitstream through a GET call of the relevant
process._links.output.href
linkThis LOOKS to be CORS related at a first glance, but might need additional investigation as well.
Request
Response headers:
This might be solvable if the CORS headers are properly set through the REST Api, it might also have another underlying issue that is not readily apparent.
To Reproduce
Steps to reproduce the behaviour:
Expected behaviour
The bitstream should be properly 'downloaded', no CORS error should be logged, and the information of the logs should be shown in the UI
Related work
#2934
DSpace/dspace-angular#827
The text was updated successfully, but these errors were encountered: