Have cors settings changed?

[meetar]

Congratulations on the new terrain release!

We're using your tiles in a few of our projects, and while the tilesets loaded as regular Leaflet layers still work, some tiles loaded for use as WebGL textures are now failing with cors errors:

Redirect at origin 'https://a.dyn.tile.stamen.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access.

An example scene: http://tangrams.github.io/tangram-frame/?url=https://tangrams.github.io/differ-tests/unit-tests/sources/sources-raster.yaml&lib=0.8#5/49.611/-56.470

Did the cors settings on your tiles change with the last release?

[mojodna]

Not on endpoints directly, but they're not present on the intermediate redirects... Good catch.

*.b.tile.stamen.com (where the redirect chain ends up) now has them configured in S3.

[mojodna]

Thanks for catching this. It's been a problem since we launched in July but exacerbated recently because we just pushed changes to the hillshades.

Sample request with CORS enabled:

$ curl -i https://a.dyn.tile.stamen.com/terrain/12/656/1582.png
HTTP/1.1 302 Found
Content-Type: text/plain
Content-Length: 0
Connection: keep-alive
Date: Fri, 02 Sep 2016 15:51:10 GMT
Access-Control-Allow-Origin: *
Location: http://b.b.tile.stamen.com/terrain/12/656/1582.png
x-amzn-RequestId: 1196c1ff-7125-11e6-b604-359ef4ad8a23
X-Cache: Miss from cloudfront
Via: 1.1 3d3d633d266d05d90a4eea7a6a59b514.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Jh4mk6Panf-D-0vHmoZOUq5IcriYcyffMxfYxN2HJzDscxhui2rYZg==

[meetar]

Great, cheers!