Closed
Bug 1281846
Opened 8 years ago
Closed 8 years ago
CORS not allowed for location.services.mozilla.com/v1/country
Categories
(Cloud Services :: Server: Location, defect)
Cloud Services
Server: Location
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1255488
People
(Reporter: alex_mayorga, Unassigned)
Details
¡Hola! Spotted this on Mozilla/5.0 (Windows NT 6.1; WOW64; rv:50.0) Gecko/20100101 Firefox/50.0 ID:20160623030210 CSet: c9edfe35619f69f7785776ebd19a3140684024dc "Browser Console": Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://location.services.mozilla.com/v1/country?key=fa6d7fc9-e091-4be1-b6c1-5ada5815ae9d. (Reason: missing token ‘x-csrftoken’ in CORS header ‘Access-Control-Allow-Headers’ from CORS preflight channel). Dropping this bug here in case it is actually actionable. ¡Gracias! Alex
Updated•8 years ago
|
Summary: The Same Origin Policy disallows reading the remote resource at https://location.services.mozilla.com/v1/country?key=fa6d7fc9-e091-4be1-b6c1-5ada5815ae9d → CORS not allowed for location.services.mozilla.com/v1/country
Comment 1•8 years ago
|
||
(In reply to alex_mayorga from comment #0) > Cross-Origin Request Blocked: The Same Origin Policy disallows reading the > remote resource at > https://location.services.mozilla.com/v1/country?key=... > (Reason: missing token ‘x-csrftoken’ in CORS header > ‘Access-Control-Allow-Headers’ from CORS preflight channel). Can you reproduce this following certain steps? Was this triggered just after startup or on a particular web site?
Comment 2•8 years ago
|
||
Based on the API key, this is probably a problem with kitsune/SUMO. The non-standard x-csrftoken header also shows up in their codebase, for example in a general AJAX setup function at https://github.com/mozilla/kitsune/blob/a8ed6f598293be6d7286cae2bf8ae3f4d9ea7d8b/kitsune/sumo/static/sumo/js/main.js#L125 My guess is that they broadly apply and add this header to all AJAX calls, even though it should only be added for calls to their own service and not external services like the Mozilla Location Service.
Reporter | ||
Comment 3•8 years ago
|
||
¡Hola Hanno! You're right! Loading https://support.mozilla.org/ causes this to appear. ¡Gracias! Alex
Updated•8 years ago
|
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•