Closed Bug 1090227 Opened 5 years ago Closed 5 years ago

CORS only error message doesn't help debug issues

Categories

(Core :: DOM: Core & HTML, defect)

defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 1121824

People

(Reporter: rik, Unassigned, Mentored)

References

Details

(Whiteboard: [lang=c++])

When debugging bug 1087327 last week, Firefox was not helping me understand the issue. Any CORS error will be logged as:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at %1$S. This can be fixed by moving the resource to the same domain or enabling CORS.

In contrast, Chrome and Safari gave me a message that was more useful:
XMLHttpRequest cannot load https://support.allizom.org/api/2/question/. Request header field Authorization is not allowed by Access-Control-Allow-Headers.

We should improve our reporting to help web developers.
Mentor: bzbarsky
Whiteboard: [lang=c++]
Relevant code: LogBlockedRequest in nsCrossSiteListenerProxy.cpp and the CrossSiteRequestBlocked property in http://mxr.mozilla.org/mozilla-central/source/dom/locales/en-US/chrome/security/security.properties.
Is very annoying this problem!
Maybe add an alert for the Open Web App for use the mozSystem in XHR request, and the systemXHR in the manifest.webapp will be very useful.
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1121824
Component: DOM → DOM: Core & HTML
You need to log in before you can comment on or make changes to this bug.