coderdojo-japan / coderdojo.jp

☯️ CoderDojo Japan (@coderdojo-japan) official website developed by Ruby on Rails with @YassLab team. 💎
https://coderdojo.jp

CORS policy settings cannot be applied for www.slideshare.net only #79

Closed yasulab closed 7 years ago

yasulab commented 7 years ago

The Facebook, Twitter and Hatena embeds all worked fine, but for some reason only the www.slideshare.net embed can't be handled. What should I do about it... 🤔 (Maybe: is it related to SlideShare not supporting HTTPS?)

Access to Font at 'http://public.slidesharecdn.com/fonts/fontawesome-webfont.woff2?v=4.3.0?cb=1481840525' from origin 'http://www.slideshare.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.slideshare.net' is therefore not allowed access.

[screenshot taken 2017-01-02 14:16:13]
yasulab commented 7 years ago

Is it being rejected because the headers SlideShare returns are all lowercase? In Safari there's no problem (re CORS).

access-control-allow-credentials: false
access-control-allow-headers:
access-control-allow-methods: GET
access-control-allow-origin:
access-control-max-age: 86400

yasulab commented 7 years ago

It says "a case-sensitive match" everywhere, but since it's only a Recommendation I guess Safari simply doesn't care 🤔

If the value of Access-Control-Allow-Origin is not a case-sensitive match for the value of the Origin header as defined by its specification, return fail and terminate this algorithm. Cross-Origin Resource Sharing https://www.w3.org/TR/cors/
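The spec sentence quoted above compares the header's value against the request's Origin; HTTP header names themselves are case-insensitive (RFC 7230 §3.2), so a lowercase `access-control-allow-origin` name is not what fails, whereas the empty value shown in the pasted headers is. The following is an added example and not code from the coderdojo.jp repository: a small JavaScript model of the browser-side CORS check (following the "CORS check" steps of the Fetch standard, which supersedes the W3C CORS Recommendation), run against constructed response headers modelled on the ones pasted in the thread. `corsCheck`, `headerValue` and the sample header objects are hypothetical names introduced here for illustration.

```javascript
// Added example (not from the coderdojo.jp repo): a minimal model of the
// browser-side CORS check described by the quoted spec text, run against
// constructed response headers resembling the ones pasted in the thread.

// Look up a response header by name. Header *names* are case-insensitive
// per HTTP, so "access-control-allow-origin" and "Access-Control-Allow-Origin"
// are the same header; only the *value* is compared case-sensitively.
function headerValue(headers, name) {
  const wanted = name.toLowerCase();
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === wanted) return String(v).trim();
  }
  return null; // header absent
}

// Mirrors the Fetch standard's "CORS check":
//   - header absent (or empty, which can never equal an origin)  -> fail
//   - value "*" and the request carries no credentials            -> pass
//   - otherwise the value must equal the request Origin exactly   -> else fail
//   - with credentials, Access-Control-Allow-Credentials must be "true"
function corsCheck(requestOrigin, responseHeaders, { credentials = false } = {}) {
  const allowOrigin = headerValue(responseHeaders, 'Access-Control-Allow-Origin');
  if (allowOrigin === null || allowOrigin === '') {
    return { ok: false, reason: 'Access-Control-Allow-Origin absent or empty' };
  }
  if (allowOrigin === '*') {
    return credentials
      ? { ok: false, reason: 'wildcard origin is not allowed with credentials' }
      : { ok: true, reason: 'wildcard' };
  }
  if (allowOrigin !== requestOrigin) {
    return { ok: false, reason: `origin mismatch: "${allowOrigin}" !== "${requestOrigin}"` };
  }
  if (!credentials) return { ok: true, reason: 'exact origin match' };
  const allowCreds = headerValue(responseHeaders, 'Access-Control-Allow-Credentials');
  return allowCreds === 'true'
    ? { ok: true, reason: 'exact origin match with credentials' }
    : { ok: false, reason: 'credentials not allowed by the server' };
}

// Constructed sample: lowercase names with an empty allow-origin value,
// modelled on the header list pasted in the thread.
const slideshareLikeHeaders = {
  'access-control-allow-credentials': 'false',
  'access-control-allow-headers': '',
  'access-control-allow-methods': 'GET',
  'access-control-allow-origin': '',
  'access-control-max-age': '86400',
};

// The Origin the browser sends for a font loaded from inside the embed.
const ORIGIN = 'http://www.slideshare.net';

// Web-font requests are made without credentials, so a correct server
// could answer either "*" or the exact requesting origin.
const results = {
  asPasted: corsCheck(ORIGIN, slideshareLikeHeaders),
  lowercaseNameWildcard: corsCheck(ORIGIN, { 'access-control-allow-origin': '*' }),
  exactMatch: corsCheck(ORIGIN, { 'Access-Control-Allow-Origin': ORIGIN }),
  valueCaseDiffers: corsCheck(ORIGIN, { 'Access-Control-Allow-Origin': 'http://WWW.slideshare.net' }),
  wildcardWithCreds: corsCheck(ORIGIN, { 'Access-Control-Allow-Origin': '*' }, { credentials: true }),
};

for (const [name, r] of Object.entries(results)) {
  console.log(`${name.padEnd(22)} ${r.ok ? 'allowed' : 'blocked'} (${r.reason})`);
}
```

Running it shows the pasted headers blocked regardless of the name casing, the same wildcard header accepted when its name is lowercase, and a value whose host casing differs from the Origin rejected, which is the "case-sensitive match" the Recommendation refers to.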

yasulab commented 7 years ago

Conclusion: handling this on our side looks difficult. Either work around it or ignore it, I suppose 🤔

hanachin commented 7 years ago

About all we can do on our end is contact SlideShare.

yasulab commented 7 years ago

I went ahead and sent an inquiry, not expecting much! 📨

Hi, I have found that slideshare.net wrongly uses 'access-control-allow-origin: *' in the header. According to the specification, it should be case-sensitive.

If the value of Access-Control-Allow-Origin is not a case-sensitive match for the value of the Origin header as defined by its specification, return fail and terminate this algorithm. Cross-Origin Resource Sharing https://www.w3.org/TR/cors/

Because of this problem, for example, when you visit https://coderdojo.jp with Google Chrome, your console says the following error:

Access to Font at 'http://public.slidesharecdn.com/fonts/fontawesome-webfont.woff2?v=4.3.0?cb=1481840525' from origin 'http://www.slideshare.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.slideshare.net' is therefore not allowed access.

I hope this will be fixed soon.

Best, Yohei

yasulab commented 7 years ago

Hmm, well, given past precedent I wasn't expecting much, and it looks like they won't handle it after all 😭 (Maybe the quickest fix is to stop using SlideShare 🤔)

Hi Yohei,

Thank you for contacting me about having issues with our SlideShare API. SlideShare's API is available free for non-commercial use. Visit our Developers & API page for more information and to apply for an API Key. (http://www.slideshare.net/developers)

In the future, please get in direct contact with their Partner Engineering representative rather than using help.linkedin.com as we do not provide personalized support for the general developer community beyond the resources we make available on http://www.slideshare.net/developers or developer.linkedin.com (e.g. the FAQ, documentation, etc.) All the best,

Allison LCS Support Specialist - Mobile

yasulab commented 7 years ago

After doing my best to explain this and that, they agreed to escalate it for now 😸

Thank you for the information and as stated, this particular issue will need to be escalated to our internal research team. I understand this may be frustrating but as soon as I get an update, I'll let you know.

(From here on I guess it's up to their judgment 🤔)

yasulab commented 7 years ago

Oh, they say they're actually going to handle it :) (yay)

Thanks for your patience while our research team looked into this. They have found that what you've encountered is a known issue and I'm very sorry for the inconvenience. Our engineering team is working on it but there's no estimate as to how long that might take. We'll do our best to keep you posted.

yasulab commented 7 years ago

We've done everything we can on our side, so I'll close this issue while hoping they address it on their end 🙏 (there seems to be nothing more we can do here)