Posted to dev@tika.apache.org by Tyler Palsulich <tp...@gmail.com> on 2015/03/24 23:41:26 UTC

Access Control Allow Origin

Hi Folks,

I took a stab at creating an example website to submit a file to the form
resource of our VM. See http://tpalsulich.github.io/TikaExamples/.

If I try to use AJAX to submit the request to make the page prettier (see
the script in the head of the page, with ev.preventDefault() commented
out), I get the following error:

XMLHttpRequest cannot load http://162.242.228.174:9998/tika/form. No
'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://tpalsulich.github.io' is therefore not allowed access. The
response had HTTP status code 400.

We can't allow the tika-server response header to accept "*" in general,
since that isn't secure. So, would there be interest in including this sort
of site on the VM? Then, the AJAX request won't be external and we won't
have this error.

The version button just takes you to the version resource on the VM
(doesn't do anything with the file).

Tyler

Re: Access Control Allow Origin

Posted by Tyler Palsulich <tp...@gmail.com>.
I'll change the option to -C right now. Just looked closer -- TIKA-1426 is
to provide a config for the server and app on the command line.

Tyler

On Wed, Apr 1, 2015 at 11:22 AM, Allison, Timothy B. <ta...@mitre.org>
wrote:

> Might be thinking of TIKA-944?
>
> Mind if we switch the CORS short option to -C and use "-c" for the tika
> config file?

RE: Access Control Allow Origin

Posted by "Allison, Timothy B." <ta...@mitre.org>.
Might be thinking of TIKA-944?

Mind if we switch the CORS short option to -C and use "-c" for the tika config file?

-----Original Message-----
From: Tyler Palsulich [mailto:tpalsulich@gmail.com] 
Sent: Wednesday, April 01, 2015 11:13 AM
To: dev@tika.apache.org
Subject: Re: Access Control Allow Origin

Thank you for the feedback!

I think there's an issue (don't remember the number) to be able to specify
a TikaConfig file for tika-server. So, I think that would be the ideal
place to put more complex CORS configuration.

Tyler


Re: Access Control Allow Origin

Posted by Tyler Palsulich <tp...@gmail.com>.
Thank you for the feedback!

I think there's an issue (don't remember the number) to be able to specify
a TikaConfig file for tika-server. So, I think that would be the ideal
place to put more complex CORS configuration.

Tyler

On Wed, Apr 1, 2015 at 6:02 AM, Sergey Beryozkin <sb...@gmail.com>
wrote:

> Hi Tyler
>
> Sorry for a delay, I was off for the last few days,
> The change you did looks fine, the filter can check the annotations or can
> be configured directly (which is what you did).
> It might make sense to consider checking a (Java) properties resource as a
> possible future enhancement, as a CORS filter may have many properties,
> May be if a '-cors' is provided then check a well-known class resource
> where all of the cors properties are set, if it is absent - default to '*'
> otherwise work with Properties...
> The current approach works too, might be tricky to extend it to support
> more properties but great for a start
>
> Thanks, Sergey

Re: Access Control Allow Origin

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi Tyler

Sorry for the delay, I was off for the last few days.
The change you did looks fine; the filter can check the annotations or
can be configured directly (which is what you did).
It might make sense to consider checking a (Java) properties resource as
a possible future enhancement, as a CORS filter may have many properties.
Maybe if a '-cors' is provided then check a well-known class resource
where all of the CORS properties are set; if it is absent, default to
'*', otherwise work with Properties...
The current approach works too; it might be tricky to extend it to support
more properties, but it is great for a start.

Thanks, Sergey




On 27/03/15 18:56, Tyler Palsulich wrote:
> Thank you, Sergey! I didn't know about that feature. I am going to try to
> work up a patch this weekend which enables CORS. I'll let you know if I run
> into any issues.
>
> Thanks again,
> Tyler


Re: Access Control Allow Origin

Posted by Tyler Palsulich <tp...@gmail.com>.
Thank you, Sergey! I didn't know about that feature. I am going to try to
work up a patch this weekend which enables CORS. I'll let you know if I run
into any issues.

Thanks again,
Tyler

On Thu, Mar 26, 2015 at 2:39 AM, Mattmann, Chris A (3980) <
chris.a.mattmann@jpl.nasa.gov> wrote:

>
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Chris Mattmann, Ph.D.
> Chief Architect
> Instrument Software and Science Data Systems Section (398)
> NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
> Office: 168-519, Mailstop: 168-527
> Email: chris.a.mattmann@nasa.gov
> WWW:  http://sunset.usc.edu/~mattmann/
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> Adjunct Associate Professor, Computer Science Department
> University of Southern California, Los Angeles, CA 90089 USA
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Re: Access Control Allow Origin

Posted by "Mattmann, Chris A (3980)" <ch...@jpl.nasa.gov>.

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Chris Mattmann, Ph.D.
Chief Architect
Instrument Software and Science Data Systems Section (398)
NASA Jet Propulsion Laboratory Pasadena, CA 91109 USA
Office: 168-519, Mailstop: 168-527
Email: chris.a.mattmann@nasa.gov
WWW:  http://sunset.usc.edu/~mattmann/
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Adjunct Associate Professor, Computer Science Department
University of Southern California, Los Angeles, CA 90089 USA
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++






-----Original Message-----
From: Tyler Palsulich <tp...@gmail.com>
Reply-To: "dev@tika.apache.org" <de...@tika.apache.org>
Date: Tuesday, March 24, 2015 at 3:41 PM
To: "dev@tika.apache.org" <de...@tika.apache.org>
Subject: Access Control Allow Origin

>Hi Folks,
>
>I took a stab at creating an example website to submit a file to the form
>resource of our VM. See http://tpalsulich.github.io/TikaExamples/.
>
>If I try to use AJAX to submit the request to make the page prettier (see
>the script in the head of the page (with ev.preventDefault() commented
>out), I get the following error:
>
>XMLHttpRequest cannot load http://162.242.228.174:9998/tika/form. No
>'Access-Control-Allow-Origin' header is present on the requested resource.
>Origin 'http://tpalsulich.github.io' is therefore not allowed access. The
>response had HTTP status code 400.
>
>We can't allow the tika-server response header to accept "*" in general,
>since that isn't secure. So, would there be interest in including this
>sort
>of site on the VM? Then, the AJAX request won't be external and we won't
>have this error.
>
>The version button just takes you to the version resource on the VM
>(doesn't do anything with the file).
>
>Tyler


Re: Access Control Allow Origin

Posted by Sergey Beryozkin <sb...@gmail.com>.
Hi,
Can this CXF filter help?

https://git-wip-us.apache.org/repos/asf?p=cxf.git;a=blob;f=rt/rs/security/cors/src/main/java/org/apache/cxf/rs/security/cors/CrossOriginResourceSharingFilter.java;h=5c15836ca717b45ce832c5f80d8d766121f2216a;hb=HEAD

An annotation-based approach is also possible.
Maybe a -cors option can be passed to Tika Server, which will react to
it by registering a CORS filter set up with the custom CORS properties?

Sergey
On 24/03/15 22:41, Tyler Palsulich wrote:
> Hi Folks,
>
> I took a stab at creating an example website to submit a file to the form
> resource of our VM. See http://tpalsulich.github.io/TikaExamples/.
>
> If I try to use AJAX to submit the request to make the page prettier (see
> the script in the head of the page (with ev.preventDefault() commented
> out), I get the following error:
>
> XMLHttpRequest cannot load http://162.242.228.174:9998/tika/form. No
> 'Access-Control-Allow-Origin' header is present on the requested resource.
> Origin 'http://tpalsulich.github.io' is therefore not allowed access. The
> response had HTTP status code 400.
>
> We can't allow the tika-server response header to accept "*" in general,
> since that isn't secure. So, would there be interest in including this sort
> of site on the VM? Then, the AJAX request won't be external and we won't
> have this error.
>
> The version button just takes you to the version resource on the VM
> (doesn't do anything with the file).
>
> Tyler
>
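
The per-request decision that a CORS option on the server has to make, as an added example (not code from this thread, Tika or CXF). `parseCorsSetting`, `corsHeaders`, `browserAllowsRead` and the `other.example` origin are hypothetical, and the setting format (`*` or a comma-separated list of exact origins) is an assumption about how such an option could be shaped.

```javascript
// Added example; all function names and the setting format are hypothetical.

// Turn a configured value into a policy: unset = no CORS headers,
// "*" = any origin, otherwise a comma-separated list of exact origins.
function parseCorsSetting(value) {
  if (value === undefined || value === null || value.trim() === '') {
    return { mode: 'off', origins: new Set() };
  }
  if (value.trim() === '*') {
    return { mode: 'any', origins: new Set() };
  }
  const origins = new Set();
  for (const item of value.split(',')) {
    const u = new URL(item.trim());            // throws on malformed entries
    if (u.protocol !== 'http:' && u.protocol !== 'https:') {
      // e.g. "localhost:8080" parses as a scheme and would yield origin "null"
      throw new Error('not an http(s) origin: ' + item);
    }
    origins.add(u.origin);                     // drops path, default port, case
  }
  return { mode: 'list', origins };
}

// Decide which CORS response headers to send for one request.
function corsHeaders(policy, requestOrigin) {
  if (policy.mode === 'off') return {};
  if (policy.mode === 'any') return { 'Access-Control-Allow-Origin': '*' };
  // List mode: the response depends on Origin, so caches must key on it.
  const headers = { 'Vary': 'Origin' };
  // Exact match only: no prefix, suffix or substring matching.
  if (requestOrigin && policy.origins.has(requestOrigin)) {
    headers['Access-Control-Allow-Origin'] = requestOrigin;
  }
  return headers;
}

// Simplified browser-side check for a request without credentials:
// script may read the response only if the header is "*" or its own origin.
function browserAllowsRead(pageOrigin, headers) {
  const allow = headers['Access-Control-Allow-Origin'];
  return allow === '*' || allow === pageOrigin;
}

// Constructed scenario: three server settings, two requesting pages.
function demo() {
  const page = 'http://tpalsulich.github.io';  // origin named in the thread
  const other = 'http://other.example';        // constructed
  const rows = [];
  for (const setting of [undefined, '*', 'http://tpalsulich.github.io/']) {
    const policy = parseCorsSetting(setting);
    for (const origin of [page, other]) {
      const allowed = browserAllowsRead(origin, corsHeaders(policy, origin));
      rows.push({ setting: String(setting), origin, allowed });
    }
  }
  return rows;
}

console.log(demo());
```

With no setting the browser reports the error quoted in the first message; with `*` every page can read the response; with the list only the named origin can.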