Closed blalbrit closed 5 months ago
Corpus team is requesting now because they cannot build effective feature pages without it.
I wonder if the load-balancer that's handling the parker.stanford.edu alias isn't sending enough information to the application.
When I curl the exhibit's oembed endpoint I'm not getting any Access-Control-Allow-Origin
header.
$ curl -I https://exhibits.stanford.edu/oembed/embed\?canvas_index\=5\&url\=https%3A%2F%2Fpurl.stanford.edu%2Fnm203xw8381
HTTP/1.1 200 OK
Date: Sat, 03 Feb 2018 00:00:26 GMT
Server: Apache/2.2.15 (CentOS)
Cache-Control: max-age=0, private, must-revalidate
X-XSS-Protection: 1; mode=block
X-Request-Id: 3d02c41c-cb57-41ef-b161-6f3f08336cec
ETag: W/"924a225e69499faef10e8df2bbdded56"
X-Frame-Options: SAMEORIGIN
X-Runtime: 0.146013
X-Content-Type-Options: nosniff
X-Powered-By: Phusion Passenger 5.1.1
Strict-Transport-Security: max-age=31536000; includeSubDomains
Transfer-Encoding: chunked
Status: 200 OK
Vary: Accept-Encoding
Content-Type: application/json; charset=utf-8
I'm really asking -- why it is cross-origin in the first place? parker.stanford.edu
ought to use parker.stanford.edu/oembed
.
Maybe this is another engine routing issue? (happy to say it's a load balancer issue and let ops investigate though)
Problem: Embed widget in parker.stanford.edu does not load content (though does load text):
@jkeck investigated briefly and determined that the cross-domain content load is being blocked by CORS. Confirmed by checking the same page through the non-aliased URL: https://exhibits.stanford.edu/parker/feature/worlds-real-and-imagined
Desired outcome: unblocking the content in the parker.stanford.edu view
(also leads to a follow-on question about hiding the UV contents panel in the widget by default - but that likely needs its own ticket).