Here's the situation: some environments have more than one origin (host and/or domain) accessing the same underlying server. Part of this can be explained as a side effect of merging back-end/front-end repositories, and Heroku changing its routing situation. The main one is that www.streetmix.net is supposed to be the canonical version of streetmix.net now, and our name server doesn't let us do the A record or whatever it is that you need for a bare domain, except that Zerigo is probably letting us do it anyway, or whatever. The bottom line is, we are directing API calls to www.streetmix.net even when a person lands on streetmix.net, and this causes issues.
Locally, the same effect seems to happen because of the parity on localhost and 127.0.0.1.
And here's the effect:
When a fetch-a-street request (via jQuery AJAX) hits the backend and lands on the "find street" handler, it figures out the appropriate API URL and sends a 307 back to the browser with the new location. Browsers are supposed to handle this, and then jQuery figures out whether the response is a success or a failure. It turns out that browsers are doing different things:
Chrome redirects properly! Everyone is happy!
Firefox will fail the request unlesscrossDomain: true is set on the AJAX call.
Safari and IE (I believe) will fail the request all the time.
Translated to the yucky real world bug, it means a URL like this: http://streetmix.net/saikofish/87/a-reasonable-street (without the www. in front of it) will fail to load with a super unhelpful error on EVERY major browser except for Chrome!
For each of the failure scenarios, there is no failure if the redirection happens on the same origin as the request. The definition of origin is such that www.streetmix.net and streetmix.net are different origins, because the host name (www) differs, even though the domain does not. And localhost and 127.0.0.1 are clearly completely different in the eyes of the browser, even though they access the same server. So the workaround has been to change the domain (by putting a www. in front of streetmix for example). This did not feel good.
Because the redirect is handled at the browser layer, jQuery / front-end cannot be a reliable way to do solve the problem. Apparently, neither does CORS. What seems to be working in this current test is to set the location redirection to a relative URL, assuming that the API resource will always be available from the current domain. This is probably a fair assumption, since our API servers and front end servers are no longer different resources.
Reference commit for fix: 3d96f73fb47ef73b3c42809ca689cd2e479e8242
So far this is tested and working in Safari, Firefox, and Chrome.
This does create an additional side effect where www.streetmix.net and streetmix.net really are different websites, as far as browsers are concerned. This might affect LocalStorage - have to test this.
Follow up: the code to redirect domains is back (in 645e17ce92dbde76acfb9f3b06b700de1351e2a4). It was previously removed under the assumption that the bare domain was not available anymore.
Here's the situation: some environments have more than one origin (host and/or domain) accessing the same underlying server. Part of this can be explained as a side effect of merging back-end/front-end repositories, and Heroku changing its routing situation. The main one is that
www.streetmix.net
is supposed to be the canonical version ofstreetmix.net
now, and our name server doesn't let us do the A record or whatever it is that you need for a bare domain, except that Zerigo is probably letting us do it anyway, or whatever. The bottom line is, we are directing API calls to www.streetmix.net even when a person lands on streetmix.net, and this causes issues.Locally, the same effect seems to happen because of the parity on localhost and 127.0.0.1.
And here's the effect:
When a fetch-a-street request (via jQuery AJAX) hits the backend and lands on the "find street" handler, it figures out the appropriate API URL and sends a 307 back to the browser with the new location. Browsers are supposed to handle this, and then jQuery figures out whether the response is a success or a failure. It turns out that browsers are doing different things:
crossDomain: true
is set on the AJAX call.Translated to the yucky real world bug, it means a URL like this: http://streetmix.net/saikofish/87/a-reasonable-street (without the www. in front of it) will fail to load with a super unhelpful error on EVERY major browser except for Chrome!
For each of the failure scenarios, there is no failure if the redirection happens on the same origin as the request. The definition of origin is such that www.streetmix.net and streetmix.net are different origins, because the host name (www) differs, even though the domain does not. And localhost and 127.0.0.1 are clearly completely different in the eyes of the browser, even though they access the same server. So the workaround has been to change the domain (by putting a www. in front of streetmix for example). This did not feel good.
Because the redirect is handled at the browser layer, jQuery / front-end cannot be a reliable way to do solve the problem. Apparently, neither does CORS. What seems to be working in this current test is to set the location redirection to a relative URL, assuming that the API resource will always be available from the current domain. This is probably a fair assumption, since our API servers and front end servers are no longer different resources.
Reference commit for fix: 3d96f73fb47ef73b3c42809ca689cd2e479e8242
So far this is tested and working in Safari, Firefox, and Chrome.
This does create an additional side effect where www.streetmix.net and streetmix.net really are different websites, as far as browsers are concerned. This might affect LocalStorage - have to test this.