Issue: at https://www.shakespearesworld.org/ , users can log in normally via Panoptes. However, after clicking the logout button, users will receive an error message and the app will refuse to acknowledge that the user has logged out.
Analysis:
Error message (on Chrome 50):
XMLHttpRequest cannot load https://panoptes.zooniverse.org/users/sign_in/?now=1461021279536. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.shakespearesworld.org' is therefore not allowed access. The response had HTTP status code 404.
These errors follow the recent merge of the new oAuth implementation with PR #288. There have been no logout issues with the same app when tested at https://preview.zooniverse.org/shakespearesworld. Therefore, the most likely explanation is that there is a specific server-side whitelist that needs to be configured to allow cross-origin or cross-domain access.
Tested on Chrome50/Firefox45 + Win10/SurfacePro3.
Status: Investigating
Actions: Checking with fellow devs to see who might know about a cross-origin/cross-domain whitelist.
Issue: at https://www.shakespearesworld.org/ , users can log in normally via Panoptes. However, after clicking the logout button, users will receive an error message and the app will refuse to acknowledge that the user has logged out.
Analysis: Error message (on Chrome 50):
XMLHttpRequest cannot load https://panoptes.zooniverse.org/users/sign_in/?now=1461021279536. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://www.shakespearesworld.org' is therefore not allowed access. The response had HTTP status code 404.
These errors follow the recent merge of the new oAuth implementation with PR #288. There have been no logout issues with the same app when tested at https://preview.zooniverse.org/shakespearesworld. Therefore, the most likely explanation is that there is a specific server-side whitelist that needs to be configured to allow cross-origin or cross-domain access.
Tested on Chrome50/Firefox45 + Win10/SurfacePro3.
Status: Investigating Actions: Checking with fellow devs to see who might know about a cross-origin/cross-domain whitelist.