-
Notifications
You must be signed in to change notification settings - Fork 74
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Coala Online is broken due to CORS #282
Comments
Thank you. I have posted an issue to that project: https://gitlab.com/gitmate/open-source/gitmate-2/issues/392 |
can i solve this issue please assign me this one . |
the UI is not responding to the 200 response codes too. |
I took a look at the network requests a few weeks ago. They were different from when I reported this bug. I think that something else is going wrong now! (The CORS issue might be fixed, not sure.) |
I see this issue is still open, however I could not replicate the issue from my side. I see no CORS errors in the Console tab when using my Chrome Developer Tools. Further to this, it seems this asset is no longer available: Just for clarity purposes, CORS has two types of requests, simple and complex. With reference to the former, you will note if the Origin header is present in the request, a successful request is made and the relevant CORS headers are returned in the response, for example:
... However, should we simulate a complex CORS request (when making PUT request), the browser actually makes a pre-flight request, using the OPTIONS HTTP method. If the correct headers are returned in the response for the pre-flight request, then the actual HTTP request is made, for example: Simulated pre-flight check from the browser, using the OPTIONS method: ... You will note this time I get a 405 because the OPTIONS method is not allowed for this website, https://coala.io/#/coalaonline. With the above in mind, it is possible that some website assets on this page at that time were performing complex CORS requests and the destination host (https://api.gitmate.io/coala_online), serving the CORS request, the pre-flight check from the browser failed. The other possibility is that the host that is serving assets for any CORS requests, simply does not have a CORS policy configured or is too restrictive. Reference: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS Just my two cents :) I presume we can close this issue then? |
I don't think it makes sense to close the issue, because Coala Online is still not working. Thanks for your examples @ryanleonbutler, although I think they should be targetting But as you say, api.gitmate.io is offline at the moment. That's why we don't see any CORS error. So the task now is to get api.gitmate.io restored, or something equivalent to it. |
https://coala.io/#/coalaonline does not work due to the SOP security restrictions in browsers. This is bad for Coala marketing and therefore adoption!
We can use CORS to get past these restrictions. (MDN, Wikipedia)
To do that, we must add some HTTP headers to the response provided from
api.gitmate.io
Where is the code for that API server? (Is it here?)
The text was updated successfully, but these errors were encountered: