search

racket / racket-pkg-website

A frontend for the Racket Package Catalog.
Other
9 stars 15 forks source link

Need CORS headers on pkgn resources for access by pkgd #10

Closed tonyg closed 7 years ago

tonyg commented 7 years ago

After logging in to pkgn (i.e. after it has started talking to us via pkgd), I see errors like this in the JS console:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://pkgn.racket-lang.org/bootstrap/fonts/glyphicons-halflings-regular.woff. (Reason: CORS header 'Access-Control-Allow-Origin' missing). Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://pkgn.racket-lang.org/bootstrap/fonts/glyphicons-halflings-regular.ttf. (Reason: CORS header 'Access-Control-Allow-Origin' missing).

The visible symptoms are missing-glyph marks whereever we use glyphicons in the design.

I conclude that the static resources served by pkgn's S3 bucket need to have CORS headers added.

Here are Amazon's instructions for the XML configuration language we now have the privilege of learning and using. (I wonder if it can also be done via s3cmd? Perhaps, but perhaps not; I don't know whether OPTIONS headers can be configured that way. Probably best to suck it up and do the XML thing.)

tonyg commented 7 years ago

I think this might be all we need:

<CORSConfiguration>
 <CORSRule>
   <AllowedOrigin>*</AllowedOrigin>
   <AllowedMethod>GET</AllowedMethod>
   <AllowedHeader>*</AllowedHeader>
 </CORSRule>
</CORSConfiguration>

Oh sweet, looks like this can be done using the API: http://docs.aws.amazon.com/AmazonS3/latest/dev/EnableCorsUsingREST.html

tonyg commented 7 years ago

Argh, it's not working on the live site (though works fine in my dev setup now, where without 5463a1e, it wasn't working).

Maybe it's because of this?

Of the advice offered at that page, the first option looks doable, the second not so much. So I will experiment with adding a spurious query parameter to the URLs in the stylesheet and see what happens.

jeapostrophe commented 7 years ago

I clicked the "Purge Everything" button.

On Tue, Aug 9, 2016 at 6:28 PM, Tony Garnock-Jones <notifications@github.com

wrote:

Reopened #10 https://github.com/tonyg/racket-pkg-website/issues/10.

— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/tonyg/racket-pkg-website/issues/10#event-750560768, or mute the thread https://github.com/notifications/unsubscribe-auth/AAOM-ur8NRVZsm230JDvj_O7wZtK5R2wks5qeP8VgaJpZM4JbOSj .

Jay McCarthy Associate Professor PLT @ CS @ UMass Lowell http://jeapostrophe.github.io

       "Wherefore, be not weary in well-doing,
  for ye are laying the foundation of a great work.

And out of small things proceedeth that which is great."

tonyg commented 7 years ago

Oh! Yay! I think the "purge everything" has let the underlying fix show through! I now get glyphicons from http://pkgn, https://pkgn, and https://pkgd, as desired. No ugly URLs, no bodge jobs, I think we're good.

Thanks, Jay!