ICEpush
  1. ICEpush
  2. PUSH-295

Request for code.icepush is not allowed by Access-Control-Allow-Origin

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.BETA
    • Fix Version/s: 4.0.BETA, 4.0
    • Component/s: Push Server
    • Labels:
      None
    • Environment:
      ICEpush NaaS

      Description

      If an attempt is made to use the ICEpush service from multiple domains, the second one will be denied.

        Activity

        Hide
        Ted Goddard added a comment -

        To reproduce:

        Load the demo http://bridgeit.mobi/demo/geotrack.html

        Then load the demo http://bridgeit.github.io/demo-jqm/geotrack.html

        The push connection for the second demo will fail as can be seen in the JavaScript console, but the first can be verified to be still functional.

        XMLHttpRequest cannot load http://api.bridgeit.mobi/push/code.icepush. Origin http://bridgeit.github.io is not allowed by Access-Control-Allow-Origin.

        The cause appears to be that the Access-Control-Allow-Origin header from the initial request to code.icepush is cached, allowing only the initial origin.

        The fix is likely to use "*" as the Access-Control-Allow-Origin value. This must be tested.

        Show
        Ted Goddard added a comment - To reproduce: Load the demo http://bridgeit.mobi/demo/geotrack.html Then load the demo http://bridgeit.github.io/demo-jqm/geotrack.html The push connection for the second demo will fail as can be seen in the JavaScript console, but the first can be verified to be still functional. XMLHttpRequest cannot load http://api.bridgeit.mobi/push/code.icepush . Origin http://bridgeit.github.io is not allowed by Access-Control-Allow-Origin. The cause appears to be that the Access-Control-Allow-Origin header from the initial request to code.icepush is cached, allowing only the initial origin. The fix is likely to use "*" as the Access-Control-Allow-Origin value. This must be tested.
        Hide
        Jack Van Ooststroom added a comment -

        NaaS has been configured to use "*" for the Access-Control-Allow-Origin header. This has been tested and verified during the BridgeIt deployment. Marking this one as FIXED.

        Show
        Jack Van Ooststroom added a comment - NaaS has been configured to use "*" for the Access-Control-Allow-Origin header. This has been tested and verified during the BridgeIt deployment. Marking this one as FIXED.

          People

          • Assignee:
            Jack Van Ooststroom
            Reporter:
            Ted Goddard
          • Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: