Closed
Bug 1183778
Opened 9 years ago
Closed 9 years ago
Always set Access-Control-Allow-Origin: * from cdn
Categories
(Content Services Graveyard :: Tiles: Content Front-End, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: Mardak, Assigned: jason)
References
Details
(Whiteboard: .?)
Bug 1182603 already has S3 buckets setting the appropriate ACAO header, but the cdn caches the first response that might not set Origin in the request. We can force the cdn to always set the response header.
Comment 1•9 years ago
After some testing with edgecast and cloudfront we can accomplish this on the CDN side. For posterity:

- S3 will send ACAO (CORS) headers when the Origin header is supplied in the request
- on edgecast we will rewrite *all* requests to include an "Origin: mozilla.com". Then all cached responses will include the ACAO headers
- on cloudfront, we will enable Header Forwarding for the "Origin: " header. *ONLY* clients that send the Origin header will get ACAO responses. This is actually how it should work.

:mardak what is the Origin: header set to from actual clients? Since it is xhr, and redirect, is it "Origin: null"? (this works btw)
Flags: needinfo?(edilee)
Reporter
Comment 2•9 years ago
Yes, because onyx redirects to the cdn, browsers send Origin: null. And for browsers to accept the response, the server needs to respond "ACAO: *" or "ACAO: null"
Flags: needinfo?(edilee)
Updated•9 years ago
Assignee: nobody → bwong
Comment 3•9 years ago
Assigning to jthomas to make the changes to the edgecast CDN.
Assignee: bwong → jthomas
Assignee
Comment 4•9 years ago
Rewrite rule added to Edgecast for tiles.cdn.mozilla.net. It may take up to 4 hours for this change to take effect. We will need to flush CDN cache once the change is completed to clear cached responses.
Assignee
Comment 5•9 years ago
Rules are now in effect. CDN cache has been flushed.

curl https://tiles.cdn.mozilla.net/desktop_tile_index_v3.json -D- -so /dev/null
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Disposition: inline
Content-Type: application/json
Date: Thu, 16 Jul 2015 16:43:26 GMT
Etag: "c372a6dc8a66a7ca168b2fd2188595de"
Last-Modified: Tue, 14 Jul 2015 04:54:59 GMT
Server: AmazonS3
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2: IKMiP4bKf62aaoVNz0mfNq/mLFNzNq/Nt7A4X1RD8evY0ms43atg5xttMiK5ZsVnSuja6G/O5PQ=
x-amz-request-id: 98273BC4090E9DBE
Content-Length: 41834
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Reporter
Comment 6•9 years ago
Works from XHR redirect:

x = new XMLHttpRequest();
x.open("GET", "https://tiles.services.mozilla.com/v3/links/fetch/en-US/release");
x.send();

GET /v3/links/fetch/en-US/release HTTP/1.1
Host: tiles.services.mozilla.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://tiles.cdn.mozilla.net/iframe.html
Origin: https://tiles.cdn.mozilla.net
Connection: keep-alive

HTTP/1.1 303 SEE OTHER
Access-Control-Allow-Origin: https://tiles.cdn.mozilla.net
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Jul 2015 16:52:20 GMT
Location: https://tiles.cdn.mozilla.net/desktop/US/en-US.2b98785ce9a08e937650efcadf5b1fc052524fe0.ag.json
Content-Length: 0
Connection: keep-alive

GET /desktop/US/en-US.2b98785ce9a08e937650efcadf5b1fc052524fe0.ag.json HTTP/1.1
Host: tiles.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://tiles.cdn.mozilla.net/iframe.html
Origin: null
Connection: keep-alive

HTTP/1.1 200 OK
Content-Encoding: gzip
access-control-allow-methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Disposition: inline
Content-Type: application/json
Date: Thu, 16 Jul 2015 16:52:20 GMT
Etag: "8a0118e776fa299386d4085dc4a37ed0+gzip"
Last-Modified: Wed, 08 Jul 2015 04:30:01 GMT
Server: ECAcc (rhv/8137)
Vary: Accept-Encoding
x-amz-id-2: 9WaFrmD0UyvjF08sBVgO8/WSCM7seQDnHbZcw0TYNFkKKO6z1GwZjme4vzFHNO33FeJw+brquUk=
x-amz-request-id: E51DAD922D392C3A
X-Cache: HIT
Content-Length: 1326
Status: RESOLVED → VERIFIED
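Added example (not part of the bug thread and not Mozilla's, Edgecast's or CloudFront's configuration): a toy model of the caching behaviour from the description and comment 1, combined with the browser-side check from comment 2. The option names injectOrigin and keyOnOrigin, the request path and the traffic are constructed for this sketch.

```javascript
// Added illustration: toy models only, not Edgecast, CloudFront or S3 code.

// Origin modelled on the S3 behaviour described in comment 1:
// CORS headers are emitted only when the request carries an Origin header.
function s3Origin(req) {
  const headers = { "content-type": "application/json" };
  if (req.headers.origin !== undefined) {
    headers["access-control-allow-origin"] = "*";
  }
  return { status: 200, headers };
}

// Minimal caching edge. Both options are hypothetical names for this sketch:
//   injectOrigin: overwrite Origin on every upstream request (the Edgecast rewrite)
//   keyOnOrigin:  make the client's Origin part of the cache key (CloudFront forwarding)
function makeCdn({ injectOrigin, keyOnOrigin } = {}) {
  const cache = new Map();
  return function fetchViaCdn(req) {
    const origin = req.headers.origin;
    const key = keyOnOrigin ? `${req.path}|${origin ?? "<none>"}` : req.path;
    if (!cache.has(key)) {
      const upstream = { path: req.path, headers: { ...req.headers } };
      if (injectOrigin) upstream.headers.origin = injectOrigin;
      cache.set(key, s3Origin(upstream)); // first response for this key wins
    }
    return cache.get(key);
  };
}

// Browser-side CORS check for a non-credentialed request, as in comment 2:
// the response passes if ACAO is "*" or equals the serialized request origin.
function browserAccepts(requestOrigin, res) {
  const acao = res.headers["access-control-allow-origin"];
  return acao === "*" || acao === requestOrigin;
}

// Constructed traffic: a client that sends no Origin warms the cache,
// then the redirected XHR arrives with "Origin: null".
function xhrAfterColdFill(cdnOptions) {
  const cdn = makeCdn(cdnOptions);
  const path = "/constructed/tiles.json"; // made-up path
  cdn({ path, headers: {} });
  return browserAccepts("null", cdn({ path, headers: { origin: "null" } }));
}

console.log("path-only cache key:", xhrAfterColdFill({}));
console.log("edge injects Origin:", xhrAfterColdFill({ injectOrigin: "mozilla.com" }));
console.log("Origin in cache key:", xhrAfterColdFill({ keyOnOrigin: true }));
```

With a path-only cache key the XHR is served the header-less cached copy and the browser rejects it; either edge-side change makes the same request sequence pass.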