https://cdn.proj.org response headers are missing in case of CORS

Question

https://cdn.proj.org response headers are missing in case of CORS

aharondavid opened this issue 2 years ago · comments

#95 still open.

In case of CORS, the following headers are missing from https://cdn.proj.org response:

'Content-Range'
'Last-Modified'
'ETag'

They are crucial for proj_network_get_header_value_cbk_type
As I wrote in #95, I think that the Access-Control-Expose-Headers should be set to '*' or explicitly add those headers

Aharon David commented 2 years ago

Thanks!

Connor Manning · Answer 1 · Tue Mar 14 2023 01:07:15 GMT+0800 (China Standard Time)

@rouault mentioned in #95 that * isn't allowed for that value, so adding them manually seems to be the only way. A more full list which is equivalent to * (skipping implementation-specific headers starting with x-) would be:

accept-ranges
age
content-length
content-range
content-type
date
etag
last-modified
server
vary
via

Adding just the 3 headers listed above seems reasonable to me, but alternatively this whole list could be added for future-proofing against other similar issues.

Even Rouault · Answer 2 · Tue Mar 14 2023 01:40:15 GMT+0800 (China Standard Time)

CORS config changed to:

[
    {
        "AllowedHeaders": [
            "Authorization",
            "Range"
        ],
        "AllowedMethods": [
            "GET"
        ],
        "AllowedOrigins": [
            "*"
        ],
        "ExposeHeaders": [
            "accept-ranges",
            "age",
            "content-length",
            "content-range",
            "content-type",
            "date",
            "etag",
            "last-modified",
            "server",
            "vary",
            "via"
        ],
        "MaxAgeSeconds": 3000
    }
]