Open temi opened 4 years ago
Removing X-Content-Type-Options: nosniff is only a temporary workaround, not a fix. Either Option 2 or Option 3 should be implemented before closing this issue.
Collections-test is not showing usage stats when pointing to logger-test. I can see the request for a JSONP callback is not being wrapped in the JS method, as expected - it's returning normal JSON.
Need to check if the JSONP is being done at app or Nginx level.
EDIT: app previously used the jsonp:0.2 plugin but not in newer Grails 3 version. Therefore need to implement this as a filter/interceptor.
@Rita-C I think it can be done easily with a Grails interceptor. Here's an example with an old-style Filter:
Collectory updated, refer to https://github.com/AtlasOfLivingAustralia/collectory-plugin/issues/184
Enabled CORS in logger-service
Code all good.
Looks good in test, tried 6 different endpoints and all showed expected headers - see screenshot:
Some endpoints on logger like service/reasonBreakdown.json return with response header Content-Type set to application/json. This happens even for JSONP requests. Browsers are smart to change to the correct Content-Type, application/javascript. However, for security reasons, server can disable auto content-type conversion by setting X-Content-Type-Options header to nosniff. Such requests are rejected by browser. At present, collectory makes the JSONP request to show statistics. This could fail and show no stats. There are a few ways to fix this issue - X-Content-Type-Options header.
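The failure described above and the filter/interceptor fix, as an added example that is not part of the original thread or the project's code. It models the browser's nosniff check for script loads and the server-side wrapping step; the function names, the `callback` query parameter name and the sample response are assumptions constructed for illustration.

```javascript
// Subset of the JavaScript MIME types a browser accepts for a <script> load.
const JS_MIME_TYPES = new Set([
  'application/javascript', 'text/javascript',
  'application/x-javascript', 'application/ecmascript', 'text/ecmascript',
]);

// Callback limited to dotted identifiers so the value reflected into the
// script body cannot carry arbitrary JavaScript.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$/;

// MIME type without parameters, lower-cased.
function essence(contentType) {
  return String(contentType || '').split(';')[0].trim().toLowerCase();
}

// Browser side: JSONP is a <script> load, and with nosniff set the browser
// blocks it unless the Content-Type is a JavaScript MIME type.
function blockedByNosniff(headers) {
  const opt = String(headers['x-content-type-options'] || '').trim().toLowerCase();
  return opt === 'nosniff' && !JS_MIME_TYPES.has(essence(headers['content-type']));
}

// Server side: what a filter/interceptor would do to a JSON response.
function jsonpResponse(query, upstream) {
  const callback = query.callback;          // assumed parameter name
  if (callback === undefined) return upstream;   // plain JSON request
  if (callback.length > 64 || !CALLBACK_RE.test(callback)) {
    return {
      status: 400,
      headers: { 'content-type': 'text/plain', 'x-content-type-options': 'nosniff' },
      body: 'invalid callback',
    };
  }
  if (essence(upstream.headers['content-type']) !== 'application/json') return upstream;
  JSON.parse(upstream.body);                // throws if the body is not JSON
  // U+2028/U+2029 are valid in JSON but break older JavaScript parsers.
  const safe = upstream.body.replace(/\u2028/g, '\\u2028').replace(/\u2029/g, '\\u2029');
  return {
    status: upstream.status,
    headers: { ...upstream.headers, 'content-type': 'application/javascript; charset=utf-8' },
    body: `${callback}(${safe});`,
  };
}

// Constructed sample: a JSON response as described for service/reasonBreakdown.json.
const SAMPLE_UPSTREAM = {
  status: 200,
  headers: { 'content-type': 'application/json', 'x-content-type-options': 'nosniff' },
  body: '{"total":3}',
};
```

With this wrapping in place the nosniff header can stay on, since the JSONP response now declares a script MIME type.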