[ARVADOS] created: 572a74976c1d2d341265c1377a60222215079c62

git at public.curoverse.com git at public.curoverse.com
Tue Mar 10 10:04:19 EDT 2015 

        at  572a74976c1d2d341265c1377a60222215079c62 (commit)


commit 572a74976c1d2d341265c1377a60222215079c62
Author: Tom Clegg <tom at curoverse.com>
Date:   Tue Mar 10 03:06:44 2015 -0400

    5182: Silently skip Angular initialization if injector() returns null.
    
    This happens occasionally during tests, and seems benign (except that
    our tests demand an empty debug console).

diff --git a/apps/workbench/app/assets/javascripts/angular_shim.js b/apps/workbench/app/assets/javascripts/angular_shim.js
index 8665c73..976d09b 100644
--- a/apps/workbench/app/assets/javascripts/angular_shim.js
+++ b/apps/workbench/app/assets/javascripts/angular_shim.js
@@ -3,7 +3,7 @@
 // arv:pane:loaded event after updating the DOM.
 
 $(document).on('arv:pane:loaded', function(event, $updatedElement) {
-    if (angular && $updatedElement) {
+    if (angular && $updatedElement && angular.element($updatedElement).injector()) {
         angular.element($updatedElement).injector().invoke([
             '$compile', function($compile) {
                 var scope = angular.element($updatedElement).scope();

commit 8c473f086b705d55132286cd2a276bcf67a15558
Author: Tom Clegg <tom at curoverse.com>
Date:   Tue Mar 10 02:58:58 2015 -0400

    5182: Improve error reporting in uploader.
    
    Missing CORS headers (and network errors which force the browser to
    assume CORS headers are missing) are reported as error==="". In place
    of the enigmatic "error:", we show a message hinting at network/CORS
    problems and pointing the user to the browser debug console for
    further clues.
    
    Mixed-content errors (https://workbench/*.js attempts AJAX request at
    http://proxy/*) don't invoke success/fail handlers at all, so we catch
    them ahead of time and show an appropriate message.

diff --git a/apps/workbench/app/assets/javascripts/upload_to_collection.js b/apps/workbench/app/assets/javascripts/upload_to_collection.js
index d4333fa..58ac3fe 100644
--- a/apps/workbench/app/assets/javascripts/upload_to_collection.js
+++ b/apps/workbench/app/assets/javascripts/upload_to_collection.js
@@ -65,6 +65,7 @@ function UploadToCollection($scope, $filter, $q, $timeout,
     ////////////////////////////////
 
     var keepProxy;
+    var defaultErrorMessage = 'A network error occurred, or there is a CORS configuration problem. Please check your browser debug console for a more specific error message (browser security features prevent us from showing the details here).';
 
     function SliceReader(_slice) {
         var that = this;
@@ -117,7 +118,20 @@ function UploadToCollection($scope, $filter, $q, $timeout,
             // resolve(locator) when the block is accepted by the
             // proxy.
             _deferred = $.Deferred();
-            goSend();
+            if (proxyUriBase().match(/^http:/) &&
+                window.location.origin.match(/^https:/)) {
+                // In this case, requests will fail, and no ajax
+                // success/fail handlers will be called (!), which
+                // will leave our status saying "uploading" and the
+                // user waiting for something to happen. Better to
+                // give up now.
+                _deferred.reject({
+                    textStatus: 'error',
+                    err: 'server setup problem (proxy ' + proxyUriBase() + ' cannot be used from origin ' + window.location.origin + ')'
+                });
+            } else {
+                goSend();
+            }
             return _deferred.promise();
         }
         function stop() {
@@ -401,7 +415,7 @@ function UploadToCollection($scope, $filter, $q, $timeout,
                      ? (' (from ' + reason.xhr.options.url + ')')
                      : '') +
                     ': ' +
-                    (reason.err || ''));
+                    (reason.err || defaultErrorMessage));
             if (reason.xhr && reason.xhr.responseText)
                 that.stateReason += ' -- ' + reason.xhr.responseText;
             _deferred.reject(reason);
diff --git a/apps/workbench/test/integration/collection_upload_test.rb b/apps/workbench/test/integration/collection_upload_test.rb
index a240576..3f201b7 100644
--- a/apps/workbench/test/integration/collection_upload_test.rb
+++ b/apps/workbench/test/integration/collection_upload_test.rb
@@ -67,6 +67,44 @@ class CollectionUploadTest < ActionDispatch::IntegrationTest
     end
   end
 
+  test "Report mixed-content error" do
+    skip 'Test suite does not use TLS'
+    need_selenium "to make file uploads work"
+    begin
+      use_token :admin
+      proxy = KeepService.find(api_fixture('keep_services')['proxy']['uuid'])
+      proxy.update_attributes service_ssl_flag: false
+    end
+    visit page_with_token 'active', sandbox_path
+    find('.nav-tabs a', text: 'Upload').click
+    attach_file 'file_selector', testfile_path('foo.txt')
+    assert_selector 'button:not([disabled])', text: 'Start'
+    click_button 'Start'
+    using_wait_time 5 do
+      assert_text :visible, 'server setup problem'
+      assert_text :visible, 'cannot be used from origin'
+    end
+  end
+
+  test "Report CORS problem or network error" do
+    need_selenium "to make file uploads work"
+    begin
+      use_token :admin
+      proxy = KeepService.find(api_fixture('keep_services')['proxy']['uuid'])
+      # Even if you somehow do port>2^16, surely nx.example.net won't respond
+      proxy.update_attributes service_host: 'nx.example.net', service_port: 99999
+    end
+    visit page_with_token 'active', sandbox_path
+    find('.nav-tabs a', text: 'Upload').click
+    attach_file 'file_selector', testfile_path('foo.txt')
+    assert_selector 'button:not([disabled])', text: 'Start'
+    click_button 'Start'
+    using_wait_time 5 do
+      assert_text :visible, 'CORS'
+      assert_text :visible, 'network error'
+    end
+  end
+
   protected
 
   def aproject_path

commit 4d71b77be419a60d8dd64d16ebeb4b83be5cb97d
Author: Tom Clegg <tom at curoverse.com>
Date:   Mon Mar 9 13:59:09 2015 -0400

    5182: Advise adding CORS headers to proxy error responses.

diff --git a/doc/install/install-keepproxy.html.textile.liquid b/doc/install/install-keepproxy.html.textile.liquid
index 43c1c67..9e8f878 100644
--- a/doc/install/install-keepproxy.html.textile.liquid
+++ b/doc/install/install-keepproxy.html.textile.liquid
@@ -64,6 +64,21 @@ Because the Keepproxy is intended for access from anywhere on the internet, it i
 
 This is best achieved by putting a reverse proxy with SSL support in front of Keepproxy. Keepproxy itself runs on port 25107 by default; your reverse proxy can run on port 443 and pass requests to Keepproxy on port 25107.
 
+If possible, the proxy should be configured to add CORS headers to its own error responses -- otherwise in-browser applications can't report proxy errors. For example, in nginx >= 1.7.5:
+
+<notextile><pre>
+server {
+  server_name keep.example.com
+  ...
+  add_header 'Access-Control-Allow-Methods' 'GET, HEAD, POST, PUT, OPTIONS' always
+  add_header 'Access-Control-Allow-Origin' '*' always
+  add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Length, Content-Type, X-Keep-Desired-Replicas' always
+  add_header 'Access-Control-Max-Age' '86486400' always
+}
+</pre></notextile>
+
+*Warning:* Make sure you don't inadvertently add CORS headers for services _other than keepproxy_ while you're doing this.
+
 h3. Tell the API server about the Keepproxy server
 
 The API server needs to be informed about the presence of your Keepproxy server. Please execute the following commands on your <strong>shell server</strong>.

-----------------------------------------------------------------------


hooks/post-receive
--

More information about the arvados-commits mailing list