Users can login to MySite with an SSO account credentials but cannot list, upload, download files because SV Authentication on the StorageVault is failing.
The authentication fails by default when MY Site and Storage Connector are located in different domains.
Problem
In the my.syncplicity site, users are unable to browse shared folders that are hosted оn StorageVaults with authentication (SVA) and cannot upload files to them.
The Developer tools Console of the browser displays an exception error related to CORS policy.
Access to XMLHttpRequest at <folder and server name> from origin <domain name> has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested source.
Cause
In Storage Connector 2.22.x, the Access-Control-Allow-Origin header is defined in property syncplicity.ws.cors in file /etc/syncp-storage/syncp-storage.conf
that is located in the Storage Connector virtual appliance.
The default value https://*.syncplicity.com
for property syncplicity.ws.cors contains a wildcard that is not properly interpreted. As a result, the Access-Control-Allow-Origin header is treated as invalid and the access control check fails.
Therefore, users cannot execute any operations on an SVA-protected StorageVault when My Site and Storage Connector are not in the same domain.
Solution
Remove the default value for property syncplicity.ws.cors and do not use values that contain wildcards.
- On the Storage Connector virtual appliance, open file
for
editing.
To edit in vi editor, run the following command:vi
/etc/syncp-storage/syncp-storage.conf
- Locate the
syncplicity.ws.cors
property and verify that its value does not contain wildcards.
The property type is semi-colon delimited. List all domains that you want to include for cross-domain resource sharing in StorageVaults with authentication.
For example,https://syncplicity.onelogin.com;https://1layer.syncplicity.com;https://my.syncplicity.com;https://eu.syncplicity.com;