CORS External Redirect not Allowed

[jeffkinnison]

I'm running tests on Firefox/Windows and getting this error on every search. On accessing /parallels/ through the frontend, I get:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://tess-new.caset.buffalo.edu/api/parallels/454d5b398ee0448198115bce924b883a. (Reason: CORS request external redirect not allowed).

Here are the MDN docs, which indicates that this has something to do with the 3XX response from the API on initiating a search. They suggest updating the code to use the redirected URL, but I can't because I don't know the redirected URL until /parallels responds.

Proposed solution: return the search ID as response data in a 2XX from /parallels instead of in the Location header in a 3XX.

[jeffkinnison]

Wait, this has to do with different origins...did CORS get turned off again?

[nOkuda]

While I couldn't reproduce the Cross-Origin Request Blocked message on Firefox + Windows, I did notice that the second to last network request was a 301 redirect. I believe this is happening because a final "/" is missing on the requested URL.

Should we investigate whether it would be reasonably easy to change Flask's behavior to automatically accept URLs with the missing final "/"?

[jeffkinnison]

Solved by adding a final / to every URL. Apparently computers take things very literally.