Description
We deployed 1.0.0-rc4 in a small test cluster with 3 masters/5 agents. Redirection to master curling for state.json returned the expected 307, however, in browser (chrome/safari/firefox), redirection failed with:
XMLHttpRequest cannot load <master_url_1>:5050/master/state. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '<master_url_2>:5050' is therefore not allowed access.
This is the patch that introduced the redirect on /state (and HTTP calls): https://reviews.apache.org/r/34646
The issue is that before this change, the server side does not redirect, the web UI controller.js decides from the content of the state.json which leader to redirect and then invoke redirection itself. Browsers allow this but not the server side initiated redirect without 'Access-Control-Allow-Origin' header?
Attachments
Attachments
Issue Links
- is related to
-
MESOS-3796 Mesos Master and Agent http api should support configurable CORS headers
- Open
- relates to
-
MESOS-5912 Master should expose a public hostname for redirection
- Open
-
MESOS-5918 Replace jsonp with a more secure alternative
- Open