Closed Bug 1183778 Opened 9 years ago Closed 9 years ago

Always set Access-Control-Allow-Origin: * from cdn

Categories

(Content Services Graveyard :: Tiles: Content Front-End, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: Mardak, Assigned: jason)

Details

(Whiteboard: .?)

Bug 1182603 already has S3 buckets setting the appropriate ACAO header, but the cdn caches the first response, which might not have set Origin in the request.

We can force the cdn to always set the response header.
After some testing with Edgecast and CloudFront we can accomplish this on the CDN side. For posterity:

- S3 will send ACAO (CORS) headers when the Origin header is supplied in the request
- on Edgecast we will rewrite *all* requests to include an "Origin: mozilla.com". Then all cached responses will include the ACAO headers
- on CloudFront, we will enable Header Forwarding for the "Origin: " header. *ONLY* clients that send the Origin header will get ACAO responses. This is actually how it should work.

:mardak 

What is the Origin: header set to from actual clients?
Since it is XHR and a redirect, is it "Origin: null"? (this works btw)
Flags: needinfo?(edilee)
Yes, because onyx redirects to the cdn, browsers send Origin: null. And for browsers to accept the response, the server needs to respond "ACAO: *" or "ACAO: null"
Flags: needinfo?(edilee)
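The cache interaction described in the comments above (S3 only emits ACAO when Origin is present, the CDN caches by URL, the redirected browser sends "Origin: null"), modelled as an added Python example that is not code from this bug or from Mozilla's CDN configuration; the origin server, the CDN cache and the browser's CORS check are constructed stand-ins, and the default Cdn() reproduces the bug while the two constructor options model the Edgecast and CloudFront fixes:

```python
# Added example (not from the bug or Mozilla's CDN config): stand-ins for
# the S3 origin, the CDN cache and the browser's CORS check.

def s3_origin(request):
    """S3 with a permissive CORS rule: ACAO only when Origin is present."""
    headers = {"Content-Type": "application/json"}
    if "Origin" in request:
        headers["Access-Control-Allow-Origin"] = "*"
        headers["Vary"] = "Origin"
    return headers

class Cdn:
    """forward_origin: CloudFront style, Origin is part of the cache key.
    forced_origin: Edgecast style, every upstream request gets a fixed Origin.
    Neither set: cache key is the URL alone, so the first response wins."""

    def __init__(self, forward_origin=False, forced_origin=None):
        self.forward_origin = forward_origin
        self.forced_origin = forced_origin
        self.cache = {}

    def get(self, url, request):
        upstream = dict(request)
        if self.forced_origin is not None:
            upstream["Origin"] = self.forced_origin
        key = (url, upstream.get("Origin")) if self.forward_origin else (url,)
        if key not in self.cache:
            self.cache[key] = s3_origin(upstream)
        return self.cache[key]

def browser_can_read(response, page_origin):
    """Non-credentialed CORS check: ACAO must be '*' or equal the requesting
    origin, which is the literal 'null' after a cross-origin redirect."""
    acao = response.get("Access-Control-Allow-Origin")
    return acao == "*" or (acao is not None and acao == page_origin)

def redirected_xhr_succeeds(cdn, url="/desktop_tile_index_v3.json"):
    """curl warms the cache with no Origin header, then a redirected XHR
    arrives with 'Origin: null'; can the browser read the cached body?"""
    cdn.get(url, {})
    return browser_can_read(cdn.get(url, {"Origin": "null"}), "null")

def plain_client_gets_acao(cdn, url="/other.json"):
    """Does a client that sends no Origin header see ACAO at all?"""
    return "Access-Control-Allow-Origin" in cdn.get(url, {})
```

The model deliberately ignores the Vary: Origin header S3 emits, which is what lets a URL-only cache key serve the no-ACAO copy to every later client.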
Assignee: nobody → bwong
Assigning to jthomas to make the changes to the edgecast CDN.
Assignee: bwong → jthomas
Rewrite rule added to Edgecast for tiles.cdn.mozilla.net. It may take up to 4 hours for this change to take effect. We will need to flush CDN cache once the change is completed to clear cached responses.
Rules are now in effect. CDN cache has been flushed.

curl https://tiles.cdn.mozilla.net/desktop_tile_index_v3.json -D- -so /dev/null
HTTP/1.1 200 OK
Accept-Ranges: bytes
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Disposition: inline
Content-Type: application/json
Date: Thu, 16 Jul 2015 16:43:26 GMT
Etag: "c372a6dc8a66a7ca168b2fd2188595de"
Last-Modified: Tue, 14 Jul 2015 04:54:59 GMT
Server: AmazonS3
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2: IKMiP4bKf62aaoVNz0mfNq/mLFNzNq/Nt7A4X1RD8evY0ms43atg5xttMiK5ZsVnSuja6G/O5PQ=
x-amz-request-id: 98273BC4090E9DBE
Content-Length: 41834
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Works from XHR redirect:

// Cross-origin XHR to onyx, which 303-redirects to the CDN; the browser then sends Origin: null on the second hop
var x = new XMLHttpRequest();
x.open("GET", "https://tiles.services.mozilla.com/v3/links/fetch/en-US/release");
x.send();

GET /v3/links/fetch/en-US/release HTTP/1.1
Host: tiles.services.mozilla.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://tiles.cdn.mozilla.net/iframe.html
Origin: https://tiles.cdn.mozilla.net
Connection: keep-alive

HTTP/1.1 303 SEE OTHER
Access-Control-Allow-Origin: https://tiles.cdn.mozilla.net
Content-Type: text/html; charset=utf-8
Date: Thu, 16 Jul 2015 16:52:20 GMT
Location: https://tiles.cdn.mozilla.net/desktop/US/en-US.2b98785ce9a08e937650efcadf5b1fc052524fe0.ag.json
Content-Length: 0
Connection: keep-alive

GET /desktop/US/en-US.2b98785ce9a08e937650efcadf5b1fc052524fe0.ag.json HTTP/1.1
Host: tiles.cdn.mozilla.net
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:42.0) Gecko/20100101 Firefox/42.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://tiles.cdn.mozilla.net/iframe.html
Origin: null
Connection: keep-alive

HTTP/1.1 200 OK
Content-Encoding: gzip
access-control-allow-methods: GET
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=31536000
Content-Disposition: inline
Content-Type: application/json
Date: Thu, 16 Jul 2015 16:52:20 GMT
Etag: "8a0118e776fa299386d4085dc4a37ed0+gzip"
Last-Modified: Wed, 08 Jul 2015 04:30:01 GMT
Server: ECAcc (rhv/8137)
Vary: Accept-Encoding
x-amz-id-2: 9WaFrmD0UyvjF08sBVgO8/WSCM7seQDnHbZcw0TYNFkKKO6z1GwZjme4vzFHNO33FeJw+brquUk=
x-amz-request-id: E51DAD922D392C3A
X-Cache: HIT
Content-Length: 1326
Status: RESOLVED → VERIFIED