Cross-Domain Access: Firefox
Opened this issue ยท 13 comments
Just tested the RESTAdapter for iArtNorfolk with a local instance of proxy-art as of commit 0c68856 and it functions properly:
Norfolkart.ApplicationAdapter = DS.RESTAdapter.extend({
host: 'http://localhost:5555'
});
Testing the RESTAdapter using the heroku instance fails to load the same route:
Norfolkart.ApplicationAdapter = DS.RESTAdapter.extend({
host: 'http://norfolkart.herokuapp.com'
});
Not sure if we actually have cross-domain access for the data here, nor how to handle this.
sprry about that let me look into this, this CORs issue keeps popping up :)
what are the headers saying if you dont mind me asking? that will probably give me a hint,
cool that it works locally.
Not sure how to check that. Tips?
EDIT: Nevermind. For http://norfolkart.herokuapp.com/exhibits:
HTTP/1.1 200 OK =>
Access-Control-Allow-Origin => *
Content-Type => application/json; charset=utf-8
Date => Wed, 25 Jun 2014 17:30:39 GMT
Etag => W/"881f-3515093840"
X-Powered-By => Express
Content-Length => 34847
Connection => Close
EDIT EDIT: Used the following site to get the above headers.
EDIT EDIT EDIT: Also, I think it works locally because it's the same domain and all, so it doesn't help with the cross-domain checks at the moment, but yeah, the RESTAdapter
works really nicely, actually.
Interesting: using the following curl command:
curl -i -H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-X OPTIONS 'http://norfolkart.herokuapp.com/exhibits'
...the following headers display:
HTTP/1.1 204 No Content
Access-Control-Allow-Methods: GET,HEAD,PUT,PATCH,POST,DELETE
Access-Control-Allow-Origin: *
Date: Wed, 25 Jun 2014 18:22:31 GMT
X-Powered-By: Express
Connection: keep-alive
"No content?"
Finding out that Firefox, due to handling pre-flight CORS requests properly, will not load the resultant page, while seemingly every other browser out there (I tested on IE, Opera and Chrome) will not handle the HTTP 401 from the pre-flight request properly and just load the page anyway.
I would suggest we find a way to handle the pre-flight request without authentication as the article suggests, using Node.js, of course.
Hey @stanzheng, I just committed 1c2292c, mind pushing that to Heroku when you get the chance? If it doesn't function, we can always revert it.
I looked up the docs and i thought the
app.use() synthax applies it to all the routes.
https://github.com/c4hrva/proxy-art/blob/1c2292cf02dac4bbd6bf9ea3139f69504889e959/server.js#L27
But i send it upa nywhere
On Wed, Jun 25, 2014 at 2:54 PM, Ryan Y. notifications@github.com wrote:
Hey @stanzheng https://github.com/stanzheng, I just committed 1c2292c
1c2292c,
mind pushing that to Heroku when you get the chance? If it doesn't
function, we can always revert it.โ
Reply to this email directly or view it on GitHub
#13 (comment).
Spam
https://www.spamtrap.odu.edu/canit/b.php?i=02MiGSObf&m=56807f5ff2d1&t=20140625&c=s
Not spam
https://www.spamtrap.odu.edu/canit/b.php?i=02MiGSObf&m=56807f5ff2d1&t=20140625&c=n
Forget previous vote
https://www.spamtrap.odu.edu/canit/b.php?i=02MiGSObf&m=56807f5ff2d1&t=20140625&c=f
Stanley Zheng
@stanzheng http://twitter.com/stanzheng
norfolkart.herokuapp.com
domain.
I'm a big dumb-dumb. Closing!
_Redacted too lame_
I don't understand the question.
oh * i never pulled down and tested the c4hrva/NorfolkArt app myself so i didn't do my due diligence for app development.
It does seem to take a bit for the gh-pages changes to propagate to the domain we set up... still can't see the live changes for http://iartnorfolk.com/ yet.