[NXP-28599] Blob properties should expose final URL if possible - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Major
Resolution: Fixed
Affects Version/s: 8.10-HF46, 9.10-HF40, 10.10-HF21
Fix Version/s: 10.10-HF23, 11.1, 2021.0
Component/s: Web API (REST or WS*), Web Common

Release Notes Summary:
Blob properties can expose a final URL with a parameter.
Tags:
- CustomerOrigin
- watchedByNCO
Impact type:

Configuration Change
Upgrade notes:
Hide

If a document's blob provider is configured for direct download, it's now possible to get direct links to the final download URL (to S3 or CloudFront typically) returned in the JSON document output.

To activate this feature, the following must be configured:

<require>org.nuxeo.ecm.core.io.download.DownloadService</require> <extension target="org.nuxeo.runtime.ConfigurationService" point="configuration"> <property name="org.nuxeo.download.url.follow.redirect">true</property> </extension>
Show
If a document's blob provider is configured for direct download, it's now possible to get direct links to the final download URL (to S3 or CloudFront typically) returned in the JSON document output. To activate this feature, the following must be configured: <require> org.nuxeo.ecm.core.io.download.DownloadService </require> <extension target= "org.nuxeo.runtime.ConfigurationService" point= "configuration" > <property name= "org.nuxeo.download.url.follow.redirect" > true </property> </extension>
Team:
FG
Sprint:
nxFG 11.1.12

Description

Currently, when we marshall a Blob property in JSON, we give the DownloadHelper based URL.

When S3 DirectUpload/Download is configured, the client is then redirected (302) to the S3 URL (can be Cloudfront): https://github.com/nuxeo/nuxeo/blob/master/nuxeo-core/nuxeo-core-io/src/main/java/org/nuxeo/ecm/core/io/marshallers/json/document/DocumentPropertyJsonWriter.java#L311

However in some cases, when the blob is requested through an AJAX request, it ends up in a CORS error because the Origin header is lost during the redirect (cf https://stackoverflow.com/questions/30193851/ajax-call-following-302-redirect-sets-origin-to-null).

NOTE that this problem only occurs if the webapp and the Nuxeo server run on different domains, as in this situation the webapp makes a first cross-origin request to Nuxeo, which does a redirect to another cross-origin domain (at which point the Origin is set to null — this is per spec and done to avoid CSRF issues in case of a compromised server doing rogue redirects).

When we can, we should directly give the S3 of CloudFront pre-signed URL to download the blob.

Attachments

Options
- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

Attachments

nuxeo-core-io-10.10-HF21-NXP-28599-beta1.diff
2 kB
2020-02-03 18:03
nuxeo-core-io-10.10-HF21-NXP-28599-beta1.jar
260 kB
2020-02-03 18:03

Issue Links

causes

WEBUI-371 Fix Direct Edit when platform API returns final URL of blobs

Open

is related to

NXP-31987 Add a nuxeo.conf property to expose the final Blob URL

Resolved

ELEMENTS-1630 Fix direct download URL failing with appended clientReason parameter

Resolved

WEBUI-1171 Fix direct download URL failing with appended clientReason parameter

Resolved

NXP-28920 Thumbnail JSON enricher should expose final URL if possible

Open

Is referenced in

PR for master: #4165

PR for master: #4294

(2 Is referenced in)

Activity

People

Assignee:

Florent Guillaume

Reporter:

Damien Metzler

Participants:

Damien Metzler, Florent Guillaume, Jenkins, Support Tech User

Votes:

0 Vote for this issue

Watchers:

5 Start watching this issue

Dates

Created:

2020-02-03 09:50

Updated:

2023-07-11 12:45

Resolved:

2020-03-02 14:11

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: