Closed
Bug 949465
Opened 11 years ago
Closed 10 years ago
Enable CORS (or JSONP) site-wide, but also respect more specific htaccess files
Categories
(developer.mozilla.org Graveyard :: General, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kaze, Unassigned)
References
Details
(Whiteboard: [specification][type:feature][dev-papercut])
What problems would this solve? =============================== IDEs and advanced text editors could use this to have direct access to the best available documentation: click on a keyword in an HTML, CSS or JS file, press F1, get the documentation. Who would use this? =================== Web developers. All of them. :-) What would users see? ===================== No UI change on MDN. What would users do? What would happen as a result? =================================================== As users could access this documentation transparently, they would use it a lot more and we could expect to get more contributions. Is there anything else we should know? ====================================== Wikipedia allows such an access and it’s pretty neat; I think it makes even more sense for MDN than for wikipedia.
Comment 1•11 years ago
|
||
Vote! MDN devs implement features based on number of votes :-)
Comment 2•11 years ago
|
||
I believe we have this already: https://developer.mozilla.org/en-US/docs/Project:MDN/Kuma/API You can access the raw HTML of a doc page, even a specific section, and it serves up an ACAO: * header curl -ksi -X'HEAD' 'https://developer.mozilla.org/en-US/docs/Web/Guide/HTML/HTML5?raw¯os§ion=Semantics' HTTP/1.1 200 OK Server: Apache Vary: Cookie, Accept-Encoding X-Backend-Server: developer2.webapp.scl3.mozilla.com Content-Type: text/html; charset=utf-8 Date: Thu, 12 Dec 2013 15:34:57 GMT x-kuma-revision: 495301 Transfer-Encoding: chunked Access-Control-Allow-Origin: * ETag: "ec3c6939ea4e5f1e6a2d60a2b662a10a017732af" X-Robots-Tag: noindex Connection: Keep-Alive X-Frame-Options: Allow Last-Modified: Tue, 03 Dec 2013 06:16:42 GMT X-Cache-Info: caching Does that work for you?
Comment 3•11 years ago
|
||
FWIW, this is an old & partially broken pinboard / MDN mashup I did a few months ago: http://dl.dropboxusercontent.com/u/2798055/mdn-mash/index.html The significant part, though, is that it loads up MDN pages I bookmarked on pinboard.in and inserts their summaries into the page. When it worked fully, it would also pull in the content for whichever page you clicked. I should update that thing and see what's breaking it
@lorchard That's awesome. Unfortunately I tested on some pages that didn't work, like tag list ( https://developer.mozilla.org/en-US/docs/tag/WebAPI for example ). This pages are useful to quickly get a list of all available resources, so if you could enable CORS on it… Thanks !
Comment 5•11 years ago
|
||
(In reply to Clochix from comment #4) > @lorchard That's awesome. Unfortunately I tested on some pages that didn't > work, like tag list ( https://developer.mozilla.org/en-US/docs/tag/WebAPI > for example ). This pages are useful to quickly get a list of all available > resources, so if you could enable CORS on it… Thanks ! Hmm, we do offer some feeds alongside the main API: https://developer.mozilla.org/en-US/docs/Project:MDN/Tools/Feeds So, to get that page with JSONP: https://developer.mozilla.org/en-US/docs/feeds/json/tag/WebAPI?callback=foo But, ideally the feed should also offer an ACAO: * header. So, we can keep this bug open to make that enhancement. Our intent is to support CORS liberally for all data sources on MDN - so wherever that's missing, it's a bug!
I also have some problems with redirects. For example in https://developer.mozilla.org/en-US/Firefox_OS/Security/Security_model there's a link to https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Runtime_security. This url redirects to https://developer.mozilla.org/en-US/Firefox_OS/Security/Runtime_security then https://developer.mozilla.org/en-US/docs/System_security?redirectlocale=en-US&redirectslug=Mozilla%2FFirefox_OS%2FSecurity%2FRuntime_security then https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/System_security?redirectlocale=en-US&redirectslug=System_security and at least https://developer.mozilla.org/en-US/Firefox_OS/Security/System_security?redirectlocale=en-US&redirectslug=System_security. The urls with /Mozilla/ don't send CORS headers, so a request to https://developer.mozilla.org/en-US/docs/Mozilla/Firefox_OS/Security/Runtime_security is not able to get the real page.
Updated•10 years ago
|
Severity: normal → major
Whiteboard: [specification][type:feature] → [specification][type:feature][dev-papercut]
Comment 7•10 years ago
|
||
Thanks for marking this as major, Maris. Optimizely trackEvent calls are currently failing because the ACAO header is not being served on some pages. We set ACAO in our htaccess file [1] but it does appear to affect all pages. We thought the load balancer could be at fault, but this happens even locally. Are there any reservations against enabling CORS everywhere? If this is the goal, I can update the title accordingly. [1] https://github.com/mozilla/kuma/blob/master/configs/htaccess#L78-81
Comment 8•10 years ago
|
||
s/but it does appear/but it does not appear
Comment 9•10 years ago
|
||
The only concern we ever have about CORS site-wide is if sites hot-link fonts for which we don't have rights to redistribute. So, if we fix this site-wide via the root htaccess, we need to verify that the directory-level .htaccess [1] is still blocking CORS requests for those fonts. [1] https://github.com/mozilla/kuma/blob/master/media/fonts/.htaccess
Updated•10 years ago
|
Summary: Enable CORS (or JSONP) on MDN → Enable CORS (or JSONP) site-wide, but also respect more specific htaccess files
Comment 10•10 years ago
|
||
Quick update to comment 7: > We thought the load balancer could be at fault, but this happens even > locally. While ACAO headers are served on some production pages (see comment 2), they are not served on /any/ Vagrant-hosted pages. So I was incorrect in comment 7. ACAO headers are not served locally, true, but that seems to be for a different reason.
Comment 11•10 years ago
|
||
We're working with WebOps to address this in bug 1043604. Everyone here is free to add comments on the proposal from WebOps.
Updated•10 years ago
|
Updated•10 years ago
|
Comment 12•10 years ago
|
||
Done with 1043604
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•