CORS issue on meta

I wasn’t getting a green lock on meta - turned out to be that I visited a topic with mixed content, but I see that this is happening on meta:

Image from origin ‘https://cdn-enterprise.discourse.org/meta’ has been blocked from loading by Cross-Origin Resource Sharing policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://meta.discourse.org’ is therefore not allowed access.

Figured I’d let someone know.

Yeah this often happen with oneboxed content or linked images. There’s not much we can do here.

1 Like

Wouldn’t that header be present on the Fastly content @sam?

1 Like

The mentioned warning (in Chrome console) shows up on the main page, so I don’t think it has anything to do with oneboxed content or linked images.

Agreed Regis… it was foreign content in a topic that got my attention.

not really, we have to enable cors to get headers, not sure why this is happening but I also dislike the errors in chrome.

This is happening when “Show new / updated topic count on browser icon” is enabled in the user preferences. The missing Access-Control-Allow-Origin header on S3 prevents the topic count to show up in the favicon.

3 Likes

Since the topic about Favicon notification was closed as “complete” I’d like to point out, that there’s still an issue with CORS that can prevent it from working properly.

I guess this should be mentioned in some documentation about S3 and it would be great if this header could be enabled here on meta. :wink:

1 Like

Maybe do a howto on it?

I’m not a S3 user. Maybe we should move this out of Lounge in order to find someone willing to document this?
Anyway, the solution posted on stackoverflow looks promising…

2 Likes

Fixed everywhere (including for S3 setups per: https://meta.discourse.org/t/whatever-happened-to-favicon-notifications/32351/8?u=sam)

Yay :confetti_ball:

5 Likes