action #159384
opencoordination #154768: [saga][ux] State-of-art user experience for openQA
coordination #159570: [epic] Better integration with other tooling
Add CORS headers size:S
Description
User story¶
Let's allow other web applications to use the openQA API.
Currently, web applications refuse to use the openQA API, because the CORS Access-Control-Allow-Origin
header is not set. See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin
Acceptance criteria¶
- AC1: Web-Applications can access the openQA API from web browsers, e.g. accessing https://openqa.suse.de/api/v1/jobs/14165616
Suggestion¶
- Add
Access-Control-Allow-Origin: *
(or more restrictive) to the http header- Possibly at the nginx/Apache level
- On OSD just add it with https://ubiq.co/tech-blog/set-access-control-allow-origin-cors-headers-apache/ and ask fniederwanger for confirmation
- Implement it in the mojo web app follow https://docs.mojolicious.org/Mojo/Headers#access_control_allow_origin
- Ask the OP what "other web applications" don't work
Further details¶
Updated by okurz 9 days ago
- Status changed from New to Feedback
- Assignee set to okurz
Literally just a handful of days after our last workshop session with the topic 'What are "acceptance criteria" - hint: they are not tasks' you come up with this AC which is not an AC :D
Please update the ticket description with an actual acceptance criterion, examples of where this triggers problems so that we know what we can check with and a use case.
Updated by ph03nix 5 days ago
okurz wrote in #note-3:
Please update the ticket description with an actual acceptance criterion, examples of where this triggers problems so that we know what we can check with and a use case.
If you really need a formalized check you need to write a custom Web application that will fetch resources from within the browser. This currently fails due to https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin.
Updated by okurz 5 days ago
- Description updated (diff)
- Status changed from Feedback to New
- Assignee deleted (
okurz) - Priority changed from Normal to Low
Rephrased "Acceptance criteria" to be a checkable criterion, not a task: "Web-Applications can access the openQA API from web browsers, e.g. accessing https://openqa.suse.de/api/v1/jobs/14165616". I hope that still catches what you would like to see.
Updated by ph03nix 5 days ago
okurz wrote in #note-6:
Rephrased "Acceptance criteria" to be a checkable criterion, not a task: "Web-Applications can access the openQA API from web browsers, e.g. accessing https://openqa.suse.de/api/v1/jobs/14165616". I hope that still catches what you would like to see.
ack.
Updated by mkittler about 10 hours ago
- Status changed from Workable to In Progress
- Assignee set to mkittler
Updated by mkittler about 10 hours ago
- Status changed from In Progress to Feedback
Ask the OP what "other web applications" don't work
I asked on Slack.
Implement it in the mojo web app follow https://docs.mojolicious.org/Mojo/Headers#access_control_allow_origin