joomla-extensions / install-from-web-client

Home of the "Install from Web" (aka Joomla Extension Finder) plugin for the Joomla! CMS.
GNU General Public License v2.0

Install From Web plugin 2.0.1 fails #61

Closed chris001 closed 2 years ago

chris001 commented 4 years ago

The newest "Install From Web plugin v 2.0.1" fails

mbabker commented 4 years ago

Works fine for me on last stable release of Firefox. Please check your browser's network tab in the developer tools for more details about the failing HTTP requests or check with another browser to determine if this is a local network or client issue or an issue related to forthcoming changes in the Firefox browser.

chris001 commented 4 years ago

IFW works on MS Edge browser, yet fails on Firefox Beta 73.0b1. This is a sign that the IFW plugin needs updating very quickly to become compatible with the soon coming Firefox security upgrades.

mbabker commented 4 years ago

Without concrete information on what changes have been made (if any) that impact the plugin's usability, there isn't much to go from here other than "yeah, it might break with next browser version". And I for one am not going to blindly spend time downloading beta browsers onto my workstations and trying to reverse engineer vague error messages into actionable tasks; I've already wasted enough time this year on chasing my tail dealing with cryptic and useless messages (and yes, I realize we are 7 days into the year, that is how frustrating the tail chasing I've done has been).

chris001 commented 4 years ago

@mbabker Can you try modifying the server IFW code as follows, to make it compatible with the secure CORS RFC implemented by Firefox: Set the header Access-Control-Allow-Origin: *. You can set the header in Apache, Nginx, or your IFW server plugin PHP code directly:

PHP: https://enable-cors.org/server_php.html
Apache: https://enable-cors.org/server_apache.html
Nginx: https://enable-cors.org/server_nginx.html

Why? See the following CORS flow:

  1. Your IFW JavaScript web client tries to use Ajax to load https://appscdn.joomla.org/webapps/index.php?format=json&option=com_apps&view=dashboard&product=Sm9vbWxhIQ==&release=NC4w&dev_level=MC1hbHBoYTEy&list=grid&lang=ZW4tR0I=
  2. User's secure browser (Firefox) detects cross-origin JavaScript request, and first does an HTTP OPTIONS request, to detect whether or not pages on usersjoomlawebsite.com would be allowed to directly access server resources hosted on appscdn.joomla.org.
  3. If the browser receives back Access-Control-Allow-Origin: * or Access-Control-Allow-Origin: usersjoomlawebsite.com, then the browser will allow the loading of the resource from appscdn.joomla.org into the page displayed in the Joomla admin site user's browser. If not, the browser returns an error to your IFW plugin's JavaScript's Ajax request.

mbabker commented 4 years ago

That header's already set. Response headers for that IFW URL coming out of my browser:

HTTP/1.1 200 OK
Date: Wed, 08 Jan 2020 16:53:30 GMT
Content-Type: text/plain; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/7.2.26
Expires: Wed, 17 Aug 2005 00:00:00 GMT
Last-Modified: Wed, 08 Jan 2020 16:53:29 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0,public
Vary: User-Agent
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: *
Access-Control-Allow-Headers: *
Server: NetDNA-cache/2.2
X-Cache: MISS
Content-Encoding: gzip
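
The browser-side check discussed in the CORS flow above, applied to the response headers quoted in the previous comment, as an added example that is not part of the thread or the plugin's code. It is a simplified version of the Fetch standard's CORS check; the function names and the origin https://site.example are assumptions made for illustration.

```javascript
// Constructed sample: the CORS-relevant lines of the response headers quoted above.
const RAW_HEADERS = [
  'HTTP/1.1 200 OK',
  'Content-Type: text/plain; charset=utf-8',
  'Vary: User-Agent',
  'Access-Control-Allow-Origin: *',
  'Access-Control-Allow-Methods: *',
  'Access-Control-Allow-Headers: *',
].join('\r\n');

// Parse a raw header block into a Map keyed by lower-cased header name.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/).slice(1)) { // skip the status line
    const idx = line.indexOf(':');
    if (idx < 1) continue; // not a "Name: value" line
    headers.set(line.slice(0, idx).trim().toLowerCase(), line.slice(idx + 1).trim());
  }
  return headers;
}

// Simplified CORS check (hypothetical helper, not a browser API).
// origin: serialized origin of the requesting page, scheme included.
// credentialed: true when the request is sent with cookies or HTTP auth.
function corsCheck(headers, origin, credentialed) {
  const acao = headers.get('access-control-allow-origin');
  if (acao === undefined) {
    return { allowed: false, reason: 'no Access-Control-Allow-Origin header' };
  }
  if (acao === '*') {
    return credentialed
      ? { allowed: false, reason: 'wildcard is not accepted for credentialed requests' }
      : { allowed: true, reason: 'wildcard matches any origin' };
  }
  if (acao !== origin) {
    return { allowed: false, reason: `"${acao}" does not match "${origin}"` };
  }
  if (credentialed && headers.get('access-control-allow-credentials') !== 'true') {
    return { allowed: false, reason: 'Access-Control-Allow-Credentials: true is missing' };
  }
  return { allowed: true, reason: 'origin matches exactly' };
}

const quoted = parseHeaders(RAW_HEADERS);
console.log(corsCheck(quoted, 'https://site.example', false));
console.log(corsCheck(quoted, 'https://site.example', true));
```

With these headers a request without credentials passes from any origin, while one sent with cookies would be rejected. A non-wildcard value has to equal the page's full origin, scheme included.
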
mbabker commented 4 years ago

I just installed 73.0b2 and IFW is working just fine on the sites I'm testing against. Are you sure you don't have a browser plugin blocking it?

chris001 commented 4 years ago

I found the culprit! On Firefox, you need to click on the EFF's "Privacy Badger" built-in extension's icon (on the right side of the toolbar), and click on the green part of the sliders next to both appscdn.joomla.org and extensionscdn.joomla.org, to enable loading both URLs. Otherwise, by default, EFF Privacy Badger blocks these URLs as possible "trackers".

HLeithner commented 2 years ago

Closing this since it seems to be solved.