Clojure Collector incompatibility with Tomcat 8.0.53 or above


#1

Summary

The Clojure Collector relies on the default CORS configuration provided by Tomcat which was recently updated in version 8.0.53 to remove * as the allowed origins as well as change supports credentials to false.

Unfortunately, this results in CORS requests being rejected by the Clojure Collector when running on Tomcat version 8.0.53 or above and consequently the subsequent POST requests which would have followed are not made.

Who is affected

You are affected if:

  • you’re running Tomcat version 8.0.53 or above, or
  • you’re running an AWS AMI containing such a version of Tomcat such as the latest one: Java 8 with Tomcat 8 version 3.0.2

How to avoid this issue

You can run the Clojure Collector in any of the versions before 8.0.53.

When will a fix be rolled out

A fix will be rolled out in a future release. You can check out the specific issue to follow our progress.


#2

#3

@BenFradet - thanks for the detailed summary.

We had collector instance fail last week and AWS just replaced it with a new one. Here’s hoping we weren’t upgraded to an affected version in addition to that.

Running enrichment now… Will report back here in case others are affected.

EDIT: All good! Stayed on Tomcat 8 with Java 8 running on 64bit Amazon Linux/2.7.1


#4

Hey @robkingston, good to hear.

We have a release candidate at s3://snowplow-hosted-assets/2-collectors/clojure-collector/clojure-collector-2.1.1-rc1-standalone.war if someone is affected.


#5

Hi @BenFradet, I am about to set up a fresh Clojure collector for a new project.
Would you say it would be best to use the 2.1.1-rc1 right away or I just try the 2.1.0 with one of the older Tomcat8 image versions below?


#6

Hey @pocin,

Yes if you can’t deploy 3.0.1 or below I would go with the release candidate unless you’re not making use of POST requests.