<div dir="ltr"><div class="gmail_quote"><div dir="ltr" class="gmail_attr"></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_quote"><div dir="ltr" class="gmail_attr">---------- Marvin wrote ---------<br>From: <b class="gmail_sendername" dir="auto">Marvin Scholz</b> <span dir="auto"><<a href="mailto:epirat07@gmail.com" target="_blank">epirat07@gmail.com</a>></span><br>Date: Thu, 13 Feb 2020 at 22:51<br></div><br>On 13 Feb 2020, at 23:44, Chip wrote:<br>

><br>
> This is successful:<br>
><br>
> curl <a href="http://example.com:8000/status-json.xsl" rel="noreferrer" target="_blank">http://example.com:8000/status-json.xsl</a><br>
><br>
> But this:<br>
><br>
> curl -I <a href="http://example.com:8000/status-json.xsl" rel="noreferrer" target="_blank">http://example.com:8000/status-json.xsl</a><br>
><br>
> gives a Bad Request:<br>
><br>
> HTTP/1.0 400 Bad Request<br>
<br>
Hi,<br>
<br>
If they are using a PHP script I fail to see how CORS would involved here<br>
as that would be only relevant with JavaScript.<br>
<br>
The reason curl -I fails is because it does a HEAD request which is not<br>
supported.<br>
<br>
> If that is so, what would be the appropriate solution from the above to<br>
> remedy the problem?<br>
><br>
<br>
You can add additional headers in the Icecast config:<br>
<br>
    <http-headers><br>
        <header name="Access-Control-Allow-Origin" value="*" /><br>
    </http-headers><br>
<br>
See the documentation for more info:<br>
<br>
<a href="http://icecast.org/docs/icecast-2.4.1/config-file.html#global-headers" rel="noreferrer" target="_blank">http://icecast.org/docs/icecast-2.4.1/config-file.html#global-headers</a><br>
<br>
In Icecast 2.5 more advanced CORS handling will be possible.<br></div></div></blockquote><div><br></div><div>Thanks.</div><div><br></div><div>Perhaps it's not a CORS issue. I'm drowning and catching hold of anything to try to stay afloat.</div><div><br></div><div>Forget CORS then.</div><div><br></div><div>It appears that Icecast might be mangling the headers of the status-json.xslt file.</div><div><br></div><div>Curiously, if I serve the file over https from another Icecast server, I do not get a 400 Bad Request error:</div><div><br></div><div>

<div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">[chip@machine ~]# curl -I<span> </span><a href="https://example2.com:8001/status-json.xsl" target="_blank" style="color:rgb(17,85,204)">https://example2.com:8001/status-json.xsl </a></font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font style="background-color:rgb(255,255,0)" face="monospace">HTTP/1.0 200 OK</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Content-Type: application/json</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Content-Length: 983</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Content-Disposition: attachment; filename="file.json"</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Expires: Thu, 19 Nov 1981 08:52:00 GMT</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Cache-Control: no-store, no-cache, must-revalidate</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Pragma: no-cache</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Connection: Keep-Alive</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Access-Control-Allow-Origin: *</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type</font></div><div style="color:rgb(34,34,34);font-family:Arial,Helvetica,sans-serif;font-size:small;font-style:normal;font-variant-ligatures:normal;font-variant-caps:normal;font-weight:400;letter-spacing:normal;text-align:start;text-indent:0px;text-transform:none;white-space:normal;word-spacing:0px;background-color:rgb(255,255,255);text-decoration-style:initial;text-decoration-color:initial;margin-left:40px"><font face="monospace">Access-Control-Allow-Methods: GET, OPTIONS, HEAD</font></div>

</div><div><br></div><div>The above appears to add some Access-Control elements.</div><div><br></div><div>Serving over https is actually irrelevant:</div><div><br></div><div style="margin-left:40px"><span style="font-family:monospace">[chip@machine ~]# curl -I <a href="http://example2.com:8000/status-json.xsl">http://example2.com:8000/status-json.xsl</a><br>HTTP/1.0 200 OK<br>Content-Type: application/json<br>Content-Length: 1010<br>Content-Disposition: attachment; filename="file.json"<br>Expires: Thu, 19 Nov 1981 08:52:00 GMT<br>Cache-Control: no-store, no-cache, must-revalidate<br>Pragma: no-cache<br>Connection: Keep-Alive<br>Access-Control-Allow-Origin: *<br>Access-Control-Allow-Headers: Origin, Accept, X-Requested-With, Content-Type<br>Access-Control-Allow-Methods: GET, OPTIONS, HEAD</span></div><div><br></div><div></div><div>The second version above works because Icecast is configured differently to the first example - indeed, they're different versions:</div><div><br></div><div>This doesn't work:</div><div><br></div><div style="margin-left:40px"><span style="font-family:monospace">[chip@machine]# icecast -v<br>Icecast 2.3.3-kh11-20150225150031</span></div><div><br></div><div>This one works with curl nicely:</div><div><br></div><div style="margin-left:40px"><span style="font-family:monospace">[chip@machine2]# icecast -v<br>Icecast 2.4.0-kh12-8-gc6e5d83</span></div><div><br></div><div>How easy is it to upgrade Icecast mid-flight on a production server? Can it be done seamlessly or what sort of downtime am I looking at?<br></div><div><br></div><div>Many thanks for your help</div><div><br></div><div>Chip                                          <br></div></div></div>