Bug 196709 - [ews-build] Scripts using Buildbot API have CORS error
Summary: [ews-build] Scripts using Buildbot API have CORS error
Alias: None
Product: WebKit
Classification: Unclassified
Component: Tools / Tests (show other bugs)
Version: Other
Hardware: Unspecified Unspecified
: P2 Normal
Assignee: Aakash Jain
Keywords: InRadar
Depends on:
Reported: 2019-04-08 14:45 PDT by Aakash Jain
Modified: 2019-04-08 17:42 PDT (History)
6 users (show)

See Also:

Patch (1.07 KB, patch)
2019-04-08 14:48 PDT, Aakash Jain
no flags Details | Formatted Diff | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Aakash Jain 2019-04-08 14:45:38 PDT
Any script using Buildbot API will have CORS error, since buildbot is not setting CORS header appropriately. 

We need to set allowed_origins in Buildbot configuration as per: http://docs.buildbot.net/latest/manual/configuration/www.html#web-server
Comment 1 Aakash Jain 2019-04-08 14:45:45 PDT
Comment 2 Aakash Jain 2019-04-08 14:48:43 PDT
Created attachment 366985 [details]
Comment 3 Alexey Proskuryakov 2019-04-08 15:03:02 PDT
Comment on attachment 366985 [details]

View in context: https://bugs.webkit.org/attachment.cgi?id=366985&action=review

> Tools/BuildSlaveSupport/ews-build/master.cfg:14
> +c['www'] = dict(port=8010, allowed_origins=["*"])

This has security considerations that I wouldn't want to think through unless I have to.

What are the scripts that hit the error? Only JavaScript running in the browser is strictly subject to CORS. Some scripting also enables those checks, but that can always be disabled.
Comment 4 Alexey Proskuryakov 2019-04-08 16:35:24 PDT
Comment on attachment 366985 [details]

OK, I think that this is fine. We have the same rules on build.webkit.org anyway.
Comment 5 WebKit Commit Bot 2019-04-08 17:42:33 PDT
Comment on attachment 366985 [details]

Clearing flags on attachment: 366985

Committed r244060: <https://trac.webkit.org/changeset/244060>
Comment 6 WebKit Commit Bot 2019-04-08 17:42:34 PDT
All reviewed patches have been landed.  Closing bug.