When trying to set up a dashboard using the JSON data I have on crash-analysis.m.c on a different website (via XHR), I get errors like this: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://crash-analysis.mozilla.com/rkaiser/latestdate.txt. (Reason: CORS header 'Access-Control-Allow-Origin' missing). As we'd like to get more flexible in where and how we can use data (and run less stuff within infrastructure needing to be hosted by the Socorro team), I think we should send that header to allow any site to use that data.
After discussion we concluded that it's fine. There's no user data that can change on that nginx server. I'll leave it to jp to execute.
I'm going to run it by ulfr as a sanity test, and not going to go making these changes while I'm on pto. Thus, we'll target early next week to address.
r+ for me Access-Control-Allow-Origin: *
We don't support crash-analysis any more. If there's a problem with CORS headers that someone else needs we can open a new bug.