Closed
Bug 530051
Opened 15 years ago
Closed 15 years ago
Allow cross-site requests to BzAPI
Categories
(Webtools Graveyard :: BzAPI, defect)
Webtools Graveyard
BzAPI
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: gerv, Assigned: gerv)
References
()
Details
E.g. OPTIONS.
This is because we set it manually on the responses we handle, and the framework handles OPTIONS for us. So I need to figure out how to hook in deeper to add it to all responses.
Gerv
Assignee | ||
Comment 1•15 years ago
|
||
Fixed in changeset c1b7a7233b55. Although there were more problems too, specifically with JSON and the framework and empty response bodies. So I worked around those too.
Look for this fix in 0.3.
Gerv
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
Comment 2•15 years ago
|
||
Do you have an ETA on 0.3? I wonder if it's worth spending my time hacking on a workaround or not.
Assignee | ||
Comment 3•15 years ago
|
||
I'll have something for you (if not for the rest of the world :-) by the end of tomorrow. Is that quick enough? Which servers are you working against - b.m.o. stage or both?
Gerv
Comment 4•15 years ago
|
||
End of tomorrow is good enough, and I'm working against bmo.
Comment 5•15 years ago
|
||
Sorry, reopening. I still can't talk through, and I'm taking guesses as to why:
In our code [1], I see checks for "Access-Control-Allow-Methods" in preflight requests (aka the OPTIONS one) for GET or POST matching the actual request, but the header I get from the API only lists "Allow", https://developer.mozilla.org/En/HTTP_Access_Control#Access-Control-Allow-Methods has more on that header. Not sure if you need to expose the headers, too.
I've uploaded my page at http://people.mozilla.com/~axel/Localization%20bugs.html for testing.
[1] http://mxr.mozilla.org/mozilla1.9.2/source/content/base/src/nsCrossSiteListenerProxy.cpp#280
Assignee | ||
Comment 6•15 years ago
|
||
Looks like I need to go and read the spec properly instead of guessing, then :-)
I'll make this P1 tomorrow morning, and issue an update to 0.3.
Gerv
Summary: BzAPI doesn't set Access-Control-Allow-Origin: * on all responses → Allow cross-site requests to BzAPI
Assignee | ||
Comment 7•15 years ago
|
||
OK, so here's the problem. Normally the GET request your code makes would be considered a "simple" request and not require OPTIONS pre-flighting. However, JQuery adds a custom "X-Requested-With" header to the request, which makes it not "simple" any more. So its gets preflighted. Commenting out the line in jquery.js (3409) which adds this header makes the request get sent directly.
http://dev.jquery.com/ticket/4858
Incidentally, the query you are trying to do (all bugs in "Mozilla Localizations") returns 4668 bugs and takes 48 seconds to run when run on Bugzilla directly. So don't expect the API to be any quicker than that, because at the moment the implementation just asks for the bugs and counts the returned rows.
This, of course, doesn't change the fact that complex queries, i.e. ones which require preflighting, _are_ broken. As you say, the spec also requires the Access-Control-Allow-Methods header. I will issue an update to 0.3 supplying this header, and that will resolve this bug. I'll also allow that custom header so unmodified JQuery works.
Gerv
Assignee | ||
Comment 8•15 years ago
|
||
Oh, and the code at the URL you gave in comment 5 now works :-)
Gerv
Assignee | ||
Comment 9•15 years ago
|
||
Fixed in changeset ab869aea33bc.
Gerv
Status: REOPENED → RESOLVED
Closed: 15 years ago → 15 years ago
Resolution: --- → FIXED
Updated•6 years ago
|
Product: Webtools → Webtools Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•