Cross-site loading errors

[weaverba137]

The prospect viewer uses the jpeg-cutout service, but lately, we have been seeing errors like this in the JavaScript console:

Obviously we need to change the links we use on the client side to https. I know the cross-site errors can be fixed but that has to be fixed on the server side.

This is urgent because modern browsers are being proactive about prohibiting links with errors like this, so it might not be long before the cutout service is entirely unusable.

CC: @armengau

[dstndstn]

Ahh, yes, can you try now? I just added the CORS headers to the viewer/ URLs. (It was already in the viewer-dev ones)

[weaverba137]

Thanks, we'll test that ASAP.

[armengau]

@dstndstn Thanks, well as of now I cannot see the change:

• SLL errors when trying to load a jpeg-cutout with https : with both viewer and viewer-dev. The jpeg-cutout is never loaded.

• Using http requests (which I understand we shouldn't):

1. console.log always says [Error] Failed to load resource: Cross-origin redirection to https://www.legacysurvey.org/viewer-dev/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=lss-dr9 denied by Cross-Origin Resource Sharing policy: Origin https://jupyter.nersc.gov is not allowed by Access-Control-Allow-Origin. (jpeg-cutout, line 0)
2. Sometimes the jpeg-cutoff is still allowed to be displayed, sometimes not, it seems to be somewhat random, independent of using viewer or viewer-dev.

[dstndstn]

You have a typo in the URL above -- layer=lss-dr9 should be layer=ls-dr9

[dstndstn]

> wget -S --header="Origin: https://jupyter.nersc.gov" "https://www.legacysurvey.org/viewer-dev/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=ls-dr9"
--2021-01-15 09:41:16--  https://www.legacysurvey.org/viewer-dev/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=ls-dr9
Resolving www.legacysurvey.org (www.legacysurvey.org)... 128.55.206.24, 128.55.206.26
Connecting to www.legacysurvey.org (www.legacysurvey.org)|128.55.206.24|:443... connected.
HTTP request sent, awaiting response...
  HTTP/1.1 200 OK
  server: nginx/1.17.2
  date: Fri, 15 Jan 2021 14:41:17 GMT
  content-type: image/jpeg
  content-length: 29795
  expires: Fri, 15 Jan 2021 15:41:17 GMT
  last-modified: Fri, 15 Jan 2021 14:41:17 GMT
  access-control-allow-origin: *
  strict-transport-security: max-age=31536000
Length: 29795 (29K) [image/jpeg]
Saving to: ‘jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=ls-dr9.6’

jpeg-cutout?ra=214.371272&dec=51.853672& 100%[=================================================================================>]  29.10K  --.-KB/s    in 0.09s

2021-01-15 09:41:17 (334 KB/s) - ‘jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=ls-dr9.6’ saved [29795/29795]

Notice the access-control-allow-origin: * in the server response.

[armengau]

Thanks for this example ! Indeed the request was http[s]://legacyviewer.... => switching to https://www.legacyviewer... seems to solve the issues.

I will test extensively to make sure all works.

[armengau]

After testing combinations:

• requesting layer-dr8, with https, I don't have any error/warning anymore, good.

• With [ls-]dr9:

  1. https://www.legacysurvey.org/viewer-dev/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=ls-dr9 > ok
  2. https://www.legacysurvey.org/viewer/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=ls-dr9 > OSError at jpeg cutout
  3. https://www.legacysurvey.org/viewer[-dev]/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=dr9 > no such layer

So the last question is: is it fine to use "viewer-dev" in prospect ? Maybe not on the long run.

[dstndstn]

DR9 is not officially released yet (SOON!, we promise), so "viewer" failing with "ls-dr9" is expected. And "dr9" failing is expected, because that's not its name :)

cheers, --dustin

On Fri, Jan 15, 2021 at 10:11 AM Eric Armengaud notifications@github.com wrote:

After testing combinations:

-

requesting layer-dr8, with https, I don't have any error/warning anymore, good.

With [ls-]dr9:

1. https://www.legacysurvey.org/viewer-dev/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=ls-dr9

ok 2. https://www.legacysurvey.org/viewer/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=ls-dr9 OSError at jpeg cutout 3. https://www.legacysurvey.org/viewer[-dev]/jpeg-cutout?ra=214.371272&dec=51.853672&zoom=13&layer=dr9 no such layer

So the last question is: is it fine to use "viewer-dev" in prospect ? Maybe not on the long run.

— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/legacysurvey/imagine/issues/76#issuecomment-760997439, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAIEH7O4Y23TRL2RU3NBTTTS2BLIVANCNFSM4WCUYSRQ .

[armengau]

Ok, thanks Eric

[dstndstn]

ls-dr9 is now available in the main "viewer" site.

[weaverba137]

@dstndstn, I think this has been fixed for a while now. Is there any reason it's still open?

[dstndstn]

No good reason!