crobertsbmw / deckofcards

An API to simulate a deck of cards
MIT License

CORS errors on .png files #76

Closed donbraffitt closed 4 years ago

donbraffitt commented 4 years ago

I had CORS errors when I first started using deckofcards back in 2018, but you fixed the problem (#54 18-Oct-2018), and everything has worked fine until recently when the CORS errors have returned:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://deckofcardsapi.com/static/img/AC.png. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Here's my JavaScript file that is once again getting CORS errors:

https://willbraffitt.org/don/2020/draw.html

This particular file just tries to load and display the card images.

Don Braffitt

tyliggity commented 4 years ago

Hmm, you know I don't run into this problem but I'm using JavaScript to actually create the img tags and add them to the DOM programmatically. Doing this, you just set the src attribute of the new element and you don't get blocked by CORS, at least I'm not and I'm on localhost. Perhaps localhost is allowed under CORS.

However, I do get this message in Chrome about the cookie that Cloudflare is sending:

A cookie associated with a cross-site resource at http://cloudflare.com/ was set without the `SameSite` attribute. A future release of Chrome will only deliver cookies with cross-site requests if they are set with `SameSite=None` and `Secure`. You can review cookies in developer tools under Application>Storage>Cookies and see more details at https://www.chromestatus.com/feature/5088147346030592 and https://www.chromestatus.com/feature/5633521622188032.

donbraffitt commented 4 years ago

I thought the Cloudflare cookie issue might be related to how I loaded p5.js, so I switched to a copy of that JavaScript file on my server, but the CORS errors remain.

I switched from

to

crobertsbmw commented 4 years ago

That's my bad. Sorry. This was originally hosted on AWS, but I found I could get more bang for my buck on DigitalOcean, so I migrated it over there, and my nginx file wasn't quite set up the same. I think I have it fixed now. Let me know if it's working again and I'll close the issue.

Thanks, Chase

tyliggity commented 4 years ago

Nice move to DO 😏. Nginx config has always been cryptic for me. I switched to Caddy and never looked back. It's easy, modern, gives auto HTTPS, etc. Of course, nginx is a classic.

donbraffitt commented 4 years ago

I'm still getting:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://deckofcardsapi.com/static/img/AC.png. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

crobertsbmw commented 4 years ago

Alright. I think I got it sorted out for real this time. I'm using Cloudflare and apparently they were caching everything, so I had to go in and purge the cache to get it working again.

donbraffitt commented 4 years ago

Now it is working fine. Thanks!
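
The thread went through two stages that produce the same browser error: the header missing from the migrated nginx server, then the header still missing because Cloudflare kept serving a copy cached before the fix. The following is an added example, not part of the original thread or the project's code, that tells the two apart from response headers. The function name, the result fields and all sample header sets are constructed for illustration; `CF-Cache-Status` is the cache-status header Cloudflare adds to responses.

```javascript
// Added example. All header sets below are constructed, not captured from the real site.
const CACHE_SERVED = new Set(['HIT', 'STALE', 'UPDATING', 'REVALIDATED']);

// Decide whether script on pageOrigin could read a cross-origin response
// (non-credentialed request assumed) and, if not, where the fix belongs.
function diagnoseCors(rawHeaders, pageOrigin) {
  const h = {};
  for (const [name, value] of Object.entries(rawHeaders)) {
    h[name.toLowerCase()] = String(value).trim();   // header names are case-insensitive
  }
  const acao = h['access-control-allow-origin'] || '';
  const fromCache = CACHE_SERVED.has((h['cf-cache-status'] || '').toUpperCase());
  const varyOrigin = (h['vary'] || '').toLowerCase().split(',')
    .map((s) => s.trim()).includes('origin');

  if (acao === '') {
    // Same browser error in both cases; only the cache status tells them apart.
    return fromCache
      ? { readable: false, reason: 'missing-in-cached-copy', fix: 'purge the CDN cache' }
      : { readable: false, reason: 'missing-at-origin', fix: 'add the header in the web server config' };
  }
  if (acao === '*') return { readable: true, reason: 'wildcard', fix: null };
  if (acao !== pageOrigin) {
    return { readable: false, reason: 'origin-mismatch', fix: 'allow this origin or use *' };
  }
  // A per-origin value cached without Vary: Origin can be replayed to other sites.
  return varyOrigin
    ? { readable: true, reason: 'origin-match', fix: null }
    : { readable: true, reason: 'origin-match-unkeyed', fix: 'send Vary: Origin' };
}

const PAGE = 'https://willbraffitt.org';
const SAMPLES = {
  afterMigration: { 'Content-Type': 'image/png', 'CF-Cache-Status': 'MISS' },
  afterOriginFix: { 'Content-Type': 'image/png', 'CF-Cache-Status': 'HIT', 'Age': '5120' },
  afterPurge: { 'Content-Type': 'image/png', 'CF-Cache-Status': 'MISS',
                'Access-Control-Allow-Origin': '*' },
};

for (const [stage, headers] of Object.entries(SAMPLES)) {
  const r = diagnoseCors(headers, PAGE);
  console.log(`${stage}: readable=${r.readable} (${r.reason})${r.fix ? ' -> ' + r.fix : ''}`);
}
```

To run it against a live response, pass in the headers shown in the browser's network panel for the failing image request.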