Code highlighting failed because bunny.net CDN

Someone compained that code highlighting isn’t working on their site. I’ve replicated the issue on mine. The issue seems to be that the CDN is blocked by CORS policy:

I fixed the problem by adding js to the “add cors header” setting on the cors page:

If enabled, bunny.net will automatically add CORS headers (Cross-Origin Resource Sharing) to all requests to files with extensions from the list.

This post is to document it in case someone else has an issue with a bunny.net CDN and to make sure that I understand this.

I believe there is (or used to be) a setting in bunny which added js to cors? I (for some reason) have js added to cors for all my bunny.net resources but I don’t recall adding them myself. Is it a fairly new site?

The site where they first noticed it has been around a long time (don’t remember when they started using bunny).

I’m not sure if bunny changed or something about the included script did.

The change which made this noticeable was most likely DEV: Modernise highlightjs loading (#24197) · discourse/discourse@0878dde · GitHub, which switched highlightjs to load via native import(), which requires CORS headers when fetching from a CDN.

But even before that change, you likely would have had some issues with things like custom Fonts (which also require CORS headers for cross-origin requests).

In theory, Discourse itself should be adding the CORS header to CDN responses. If it’s not, that probably means your CDN is not setting the CDN hostname (i.e. not the forum hostname) in the Host header or the X-Forwarded-Host header.

That said, adding the headers via the CDN config likely achieves the same thing

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.