mirror of
https://github.com/scylladb/scylladb.git
synced 2026-05-29 19:21:01 +00:00
d905e71a90
This patch adds to Alternator support for the CORS (Cross-Origin Resource Sharing) protocol - a simple extension over the HTTP protocol which browsers use when Javascript code contacts HTTP-based servers. Although we usually think of Alternator as being used in a three-tier application, in some setups there is no middle layer and the user's browser, running Javascript code, wants to communicate directly with the database. However, for security reasons, by default Javascript loaded from domain X is not allowed to communicate with different domains Y. The CORS protocol is meant to allow this, and Alternator needs to participate in this protocol if it is to be used directly from Javascript in browsers. To implement CORS, Alternator needs to respond to the OPTIONS method which it didn't allow before - with certain headers based on the input headers. It also needs to do some of these things for the regular methods (mostly, POST). The patch includes a comprehensive test that runs against both Alternator and DynamoDB and shows that Alternator handles these headers and methods the same as DynamoDB. Additionally, I tested manually a Javascript DynamoDB client - which didn't work prior to this patch (the browser reported CORS errors), and works after this patch. Fixes #8025. Signed-off-by: Nadav Har'El <nyh@scylladb.com> Message-Id: <20210217222027.1219319-1-nyh@scylladb.com>