Closed Bug 1283292 Opened 9 years ago Closed 9 years ago

Enable CORS on Community Discourse for community sites

Categories

(Participation Infrastructure :: Community Ops, task)

Product:
Participation Infrastructure
Component:
Community Ops
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: lmcardle, Unassigned)

References

(Blocks 1 open bug)

Details

CORS should be enabled on Discourse to allow http://arewediscoursingyet.com/ to access the json file of metrics
Ops blog will also need this. Need to see why Discourse also sends the ACAC header when CORS is enabled.
Summary: Enable CORS on Community Discourse for AWDY → Enable CORS on Community Discourse for community sites
I would love to have CORS back in order to fetch some topics from a campaign page we are creating :)
Do we have an ETA for this? It's blocking any discourse integration with external sites/tools.
Flags: needinfo?(yousef)
We moved this out of our sprint for this and last week as other things came up. We're expecting to put this in our next sprint or the one after.
Flags: needinfo?(yousef)
Nuke, which domains should I enable in CORS for you?
Flags: needinfo?(nukeador)
Well, I was expecting CORS to be enabled for everyone, since this will allow people to play and test the API without asking for approval. We wanted to experiment here http://activate.mozilla.community/ But I was also doing my personal tests here: https://www.nukeador.com/discourse-blog/ https://github.com/nukeador/discourse-api-js
Flags: needinfo?(nukeador)
I've enabled CORS for the following domains: https://arewediscoursingyet.com https://activate.mozilla.community https://nukeador.com https://github.io
Status: NEW → UNCONFIRMED
Ever confirmed: false
Status: UNCONFIRMED → NEW
Ever confirmed: true
Hi Rubén, the reason we cannot provide an "allow everyone for CORS" policy is because Discourse also adds an Access-Control-Allow-Credentials header which is wrong when the origin is * and a security risk otherwise. However, we offer to add CORS configurations in a timely manner whenever people request them. We hereby close the issue as the above mentioned sites have been CORS enabled. Best regards, Henrik
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Can we have it also for any *.mozilla.org or mozilla.community site? Bug 1309226 will need it for mozilla.org
Hi Rubén, we will address Bug 1309226 (https://tree.taiga.io/project/pierros-mozilla-particiaption-systems/us/197?kanban-status=904519) next year and will solve that issue in the most appropriate way. Again, any site that wants to have access will be configured. This will happen on a case by case base. There is no wildcard configuration. Hope this helps. Best regards, Henrik
You need to log in before you can comment on or make changes to this bug.