Closed Bug 988831 Opened 7 years ago Closed 7 years ago

Enable CORS for all routes and allow credentials

Categories

(Hello (Loop) :: Server, defect)

defect
Not set
normal

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: ferjm, Assigned: ferjm)

References

Details

Attachments

(1 file)

v1
55 bytes, text/x-github-pull-request
alexis+bugs
: review+
Details | Review
Because of bug 966216 we cannot use SystemXHR to relax the same-origin XHR restrictions for the Gaia Loop client until the server stops using cookies to authenticate users, so we need CORS enabled for all routes in the server.

We have a white list of allowed origins in the server so I can't think about any reason not to do this.
Assignee: nobody → ferjmoreno
Blocks: 988389
Depends on: 986057
Hi, thanks for opening this.

I wonder what would be the origin for requests coming from the phone, and if having CORS for all the routes would solve this?
After some quick chat, it seems to solve the problem you're mentioning, so let's do that.
Attached file v1
Attachment #8397856 - Flags: review?(alexis+bugs)
Comment on attachment 8397856 [details] [review]
v1

Thanks, I merged it with the last changes you did.

https://github.com/mozilla-services/loop-server/commit
/b8d17bf34c0cdba4e238b1ef9326f121fe217131
Attachment #8397856 - Flags: review?(alexis+bugs) → review+
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → FIXED
Thanks!
Fix either went out with a previous deployment to Production or has been superceded by new code...
Status: RESOLVED → VERIFIED
Pushed by sfink@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/c0be190ee52a
support memory mapped files in Windows. r=ehoogeveen
(In reply to Pulsebot from comment #7)
> Pushed by sfink@mozilla.com:
> https://hg.mozilla.org/integration/mozilla-inbound/rev/c0be190ee52a
> support memory mapped files in Windows. r=ehoogeveen

This is bug 988813
You need to log in before you can comment on or make changes to this bug.