no headers on cross-domain chunk upload
DomrachevIvan opened this issue · 3 comments
in
#108
'ngx_http_upload_add_headers' were removed near NGX_HTTP_CREATED.
the result is a bit bad.
I have to use crossdomain upload (from 'www' to 'b' subdomain). so I add some
upload_add_header Access-Control-Allow...
to nginx config.
on OPTIONS request from browser there are all Access-Control-Allow... as they should be.
if a file is small enough and upload is only one POST request - everything is fine.
but when file is big and browser do file upload in separate chunks, reply on chunk upload is 201 created and there are no Access-Control-Allow... headers.
so Chrome, for example, do not like it and stop to upload others chunks.
Chrome console:
Access to XMLHttpRequest at 'https://b....' from origin 'https://www....' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Credentials' header in the response is '' which must be 'true' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
there is not a big comment on that commit, so I can't guess the reason of remove 'ngx_http_upload_add_headers'. may be it can be back.
Agree, moving ngx_http_upload_add_headers from ngx_http_upload_body_handler to ngx_http_upload_finish_handler is not correct in another way: ngx_http_upload_finish_handler is called for each part when a part is finished, whereas ngx_http_upload_body_handler is called when the entire body is finished. I think it must be moved back.
I've made a fix for this issue. Please test.
tested.
now it's fine. headers on right places. chrome is happy.
thank you!