Spoiler tag not working with CDN and CORS

(Caue Rego) #1

Continuing the discussion from Folding spoilers:

I’ve checked the Console and it looks like it may not be working thanks to some cross-origin issues with CDN:

I’ll copy the text from the error for search engines:

Font from origin ‘http://talk-cdn.cregox.com’ has been blocked from loading by Cross-Origin Resource Sharing policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘http://talk.cregox.com’ is therefore not allowed access.

Basically the same error message as found in another probably related issue, except this is trying to load a font rather than a script.

But my case here is a little peculiar.

I had enabled CDN on app.yml and later gave up on it due to some issues with CloudFlare (can’t even remember which issues). I also (still) don’t really need a CDN so, instead of rebaking everything (hate going to ssh) I thin I’ve decided to just set the CNAME from talk-cdn.cregox.com to talk.cregox.com and remove CloudFlare. That worked fine, until now! :stuck_out_tongue:

I’ve re-enabled CDN, in an attempt to remove this little hack rather than implementing a new one (I was thinking about going to customize header and add a policy there). Thanks to Jeff’s hint on how to do it on CloudFlare.

But it’s still not working! :frowning:

The cdn link doesn’t give an error, sets the HTML tag where it should be (a <span class="spoiler">) but looks like there’s no code (css or javascript) to handle that.

Any clues?

(Jeff Atwood) #2

You need your CDN to add the magic header to make it work, I guess. This is a CDN configuration issue with the headers served from your CDN.

For example

(Caue Rego) #3

From what I get, CloudFlare just grabs CORS from the web server. So I’ve added my domain (http://talk.cregox.com) at cors origins on /admin and the error message disappeared.

Tag still not working.

Then I’ve added DISCOURSE_ENABLE_CORS: true and rebuilt. Tried refreshing all CDN caches, and the tag still doesn’t work.

Only now I’ve looked at the header to verify it properly shows Access-Control-Allow-Origin:*, (which looks like an overkill to me). I believe it was there without needing any rebuild before, but got timed out to try things out today.

Lastly I now removed the admin cors origins settings and error message is gone but tag still doesn’t work.