Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Blocked to to cross-domain requests #5

Closed
james2432 opened this issue Jul 25, 2019 · 2 comments
Closed

Blocked to to cross-domain requests #5

james2432 opened this issue Jul 25, 2019 · 2 comments

Comments

@james2432
Copy link

With https://www.mapwith.ai/ (mapping interface) from https://tasks-assisted.hotosm.org/

Cross-Origin requests are blocked in firefox as the same-origin requires everything to be hosted on mapwith.ai domain, but is making requests(and being denied) like so:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://www.facebook.com/maps/ml_roads?conflate_with_osm=tru…6377,24.106647175138534,-99.28344724784074,24.11667495768657. (Reason: CORS request did not succeed).

https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

The solution is to send

Access-Control-Allow-Origin: https://www.facebook.com

To allow request to go to facebook.com. If not you have essentially broken firefox from working with your tasking manager
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin
@chrisklaiber
Copy link
Contributor

Hi @james2432, thanks for reporting this. I so far haven't been able to reproduce in Firefox 68 on Mac, but digging further it looks like could be due to an ad blocker plugin, from the description at https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed

One workaround would be to configure the ad blocker to allow the path /maps/ml_roads on facebook.com, which is the endpoint from which we serve both the ML roads data and the "Facebook's Map With AI - Maxar Imagery" background layer for RapiD.

If you open up the dev tools, you'll see Access-Control-Allow-Origin: https://mapwith.ai in the response headers for the imagery & data from facebook.com. We had experienced CORS issues while developing the site, and resolved them with the help of the header you've suggested here.

Would you be able to confirm whether an ad block plugin is applicable to this issue, and if so, whether allowing that specific path helps?

@james2432
Copy link
Author

Can confirm it's Disconnect plugin that is blocking the requests to facebook.com

@AndrewKvalheim AndrewKvalheim mentioned this issue Oct 19, 2019
Closed
@Chaz6 Chaz6 mentioned this issue Nov 27, 2019
Closed
Bonkles added a commit that referenced this issue Dec 4, 2019
@Bonkles
Merge pull request #5 from facebookincubator/master
06551ba 
Merge latest
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@chrisklaiber @james2432