Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CORS headers are no longer included on results.json responses #382

Closed
mythmon opened this issue Apr 25, 2018 · 4 comments
Closed

CORS headers are no longer included on results.json responses #382

mythmon opened this issue Apr 25, 2018 · 4 comments
Assignees
@alison985
Labels
in progress
Milestone
14

Comments

@mythmon
Copy link

mythmon commented Apr 25, 2018

Issue Summary

CORS headers are no longer sent on responses for results.json. This prevents Redash data from being used in some kinds of external dashboards. I'm seeing this in Firefox Nightly on Linux, but I expect it would happen in any browser.

Steps to Reproduce

  1. Open https://beta.observablehq.com/@mythmon/normandy-timer-increase-study-enrollment
  2. Look in the network console
  3. See the following error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://sql.telemetry.mozilla.org/api/queries/52031/results.json?api_key=hTmoNe785VK4o5uRx86sSvO35xHiYnnfls8MB75l. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Previously (about 3 weeks ago), the CORS headers were included, allowing external dashboards like this to work.

The query I'm trying to read data from is https://sql.telemetry.mozilla.org/queries/52031.

Technical details:
@rafrombrc rafrombrc added this to the 13.4 milestone May 23, 2018
@rafrombrc rafrombrc modified the milestones: 13.4, 14 May 23, 2018
@alison985 alison985 self-assigned this May 27, 2018
@alison985
Copy link

Previous work related to this as a reference: getredash#1374

@rafrombrc Currently re:Dash code requires the requesting website to send an "Origin" header. If I modify the request headers using this Firefox Add-On https://addons.mozilla.org/en-US/firefox/addon/modify-header-value/ to send the "Origin" header then I get the "Access-Control-Allow-Origin" response header on my local. Do we want to remove the requirement that the requesting website has to send an "Origin" header?

@robotblake
Copy link

So this issue actually appears to be down to the result set being too large, postgres is reporting ~384MB, did something change in the query or the underlying data set?

@mythmon
Copy link
Author

mythmon commented May 30, 2018

It makes sense that the dataset grew over time. I'm a bit surprised by the amount though.

It would be nice if there was a more direct error.

@alison985 alison985 mentioned this issue Jun 6, 2018
Closed
@alison985
Copy link

Captured that CORS headers should be captured in 500 errors here: #416

@snyk-bot snyk-bot mentioned this issue Aug 17, 2021
Open
@MaxMood96 MaxMood96 mentioned this issue Apr 27, 2022
Open
@MaxMood96 MaxMood96 mentioned this issue Apr 30, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@alison985 alison985

Labels
in progress
Projects
None yet
Milestone
14
Development

No branches or pull requests
4 participants
@robotblake @rafrombrc @mythmon @alison985