<html><head><style>
body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
padding:1em;
margin:auto;
background:#fefefe;
}
h1, h2, h3, h4, h5, h6 {
font-weight: bold;
}
h1 {
color: #000000;
font-size: 28pt;
}
h2 {
border-bottom: 1px solid #CCCCCC;
color: #000000;
font-size: 24px;
}
h3 {
font-size: 18px;
}
h4 {
font-size: 16px;
}
h5 {
font-size: 14px;
}
h6 {
color: #777777;
background-color: inherit;
font-size: 14px;
}
hr {
height: 0.2em;
border: 0;
color: #CCCCCC;
background-color: #CCCCCC;
}
p, blockquote, ul, ol, dl, li, table, pre {
margin: 15px 0;
}
a, a:visited {
color: #4183C4;
background-color: inherit;
text-decoration: none;
}
#message {
border-radius: 6px;
border: 1px solid #ccc;
display:block;
width:100%;
height:60px;
margin:6px 0px;
}
button, #ws {
font-size: 12 pt;
padding: 4px 6px;
border-radius: 5px;
border: 1px solid #bbb;
background-color: #eee;
}
code, pre, #ws, #message {
font-family: Monaco;
font-size: 10pt;
border-radius: 3px;
background-color: #F8F8F8;
color: inherit;
}
code {
border: 1px solid #EAEAEA;
margin: 0 2px;
padding: 0 5px;
}
pre {
border: 1px solid #CCCCCC;
overflow: auto;
padding: 4px 8px;
}
pre > code {
border: 0;
margin: 0;
padding: 0;
}
#ws { background-color: #f8f8f8; }
.bloop_markdown table {
border-collapse: collapse;
font-family: Helvetica, arial, freesans, clean, sans-serif;
color: rgb(51, 51, 51);
font-size: 15px; line-height: 25px;
padding: 0; }
.bloop_markdown table tr {
border-top: 1px solid #cccccc;
background-color: white;
margin: 0;
padding: 0; }
.bloop_markdown table tr:nth-child(2n) {
background-color: #f8f8f8; }
.bloop_markdown table tr th {
font-weight: bold;
border: 1px solid #cccccc;
margin: 0;
padding: 6px 13px; }
.bloop_markdown table tr td {
border: 1px solid #cccccc;
margin: 0;
padding: 6px 13px; }
.bloop_markdown table tr th :first-child, table tr td :first-child {
margin-top: 0; }
.bloop_markdown table tr th :last-child, table tr td :last-child {
margin-bottom: 0; }
.bloop_markdown blockquote{
border-left: 4px solid #dddddd;
padding: 0 15px;
color: #777777; }
blockquote > :first-child {
margin-top: 0; }
blockquote > :last-child {
margin-bottom: 0; }
.send { color:#77bb77; }
.server { color:#7799bb; }
.error { color:#AA0000; }</style></head><body><p>The problem that I’m facing right now is that I’m trying to access the MakeDrive server using Appmaker and Nimble (Brackets running in web apache).</p>
<p>I have both running locally: appmaker=localhost:5001 and nimble=localhost:9001.</p>
<p>And I have this code:</p>
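<pre><code>// Middleware: reflect the request's Origin only when it is on the allow-list
crossOriginHandler: function( req, res, next ) {
  if (env.get("ALLOWED_CORS_DOMAINS").indexOf(req.headers.origin) > -1) {
    // Credentialed requests need one explicit origin echoed back, not "*"
    res.header('Access-Control-Allow-Origin', req.headers.origin);
    res.header('Access-Control-Allow-Credentials', true);
  }
  next();
},
</code></pre>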
<p>The problem here is that only Nimble can access it, but Appmaker is getting this error:</p>
<p><code>Imported resource from origin 'http://localhost:9090' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://localhost:5001' is therefore not allowed access.</code></p>
<p>–<br>
Ali Al Dallal<br>
Sent with Airmail</p>
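<p>Added example (not code from this thread or from MakeDrive): one way to serve several credentialed origins is to match the request's Origin exactly against a set and echo back only that value, with <code>Vary: Origin</code>. The names <code>parseAllowedOrigins</code>, <code>makeCorsHandler</code> and <code>simulate</code> are hypothetical, and the space-separated setting is a constructed value assumed for illustration; the last line shows that <code>indexOf</code> on a string setting is a substring test, not an exact match.</p>

```javascript
'use strict';

// Turn a space- or comma-separated setting into a Set of exact origins.
function parseAllowedOrigins(setting) {
  return new Set(String(setting || '').split(/[\s,]+/).filter(Boolean));
}

function makeCorsHandler(allowed) {
  return function crossOriginHandler(req, res, next) {
    const origin = req.headers.origin;
    // The response differs per Origin, so shared caches must key on it.
    res.header('Vary', 'Origin');
    if (origin && allowed.has(origin)) {
      // Echo exactly one origin; "*" is not accepted with credentials.
      res.header('Access-Control-Allow-Origin', origin);
      res.header('Access-Control-Allow-Credentials', 'true');
      if (req.method === 'OPTIONS') {
        // Answer the preflight here (methods/headers are assumed values).
        res.header('Access-Control-Allow-Methods', 'GET, OPTIONS');
        res.header('Access-Control-Allow-Headers', 'Content-Type');
        return res.sendStatus(204);
      }
    }
    next();
  };
}

// Constructed harness: minimal stand-ins for the req/res objects.
function simulate(handler, method, origin) {
  const out = { headers: {}, status: null, passed: false };
  const res = {
    header(name, value) { out.headers[name] = value; return res; },
    sendStatus(code) { out.status = code; return res; },
  };
  const headers = origin ? { origin } : {};
  handler({ method, headers }, res, () => { out.passed = true; });
  return out;
}

// Constructed setting using the two local origins mentioned in the message.
const setting = 'http://localhost:5001 http://localhost:9001';
const handler = makeCorsHandler(parseAllowedOrigins(setting));

// Pitfall: on a string, indexOf matches any substring of the setting.
const substringMatch = setting.indexOf('http://localhost:5') > -1;
```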
<p>On July 22, 2014 at 5:21:35 PM, Jon Buckley (jon@mozillafoundation.org) wrote:</p>
<p>Ali, can you explain the CORS issues in depth or point me at a bug? We have multiple CORS domains set on our events API: https://github.com/mozilla/webmaker-events-service/blob/master/routes/cors.js </p>
<p>On Jul 22, 2014, at 4:42 PM, David Humphrey <a href="mailto:david.humphrey@senecacollege.ca">david.humphrey@senecacollege.ca</a> wrote: </p>
<blockquote>
<p>We need a hand getting the MakeDrive authentication story figured out, specifically so we can work in a Webmaker Auth environment. I’ve had bits and pieces of this conversation with wex/jbuck, but I need more help. </p>
<p>MakeDrive is: </p>
<ul>
<li><p>a Webmaker service that doesn’t manage authentication (you don’t sign-in/sign-out of MakeDrive), but it (currently) uses Webmaker auth info stored on the session cookie. </p></li>
<li><p>based on WebSockets. Everything involved in syncing happens over a socket. </p></li>
<li><p>but the very first connection has to be to get a token to give the socket, so we know that you are who you say you are. </p></li>
</ul>
<p>At the moment, we do this: </p>
<p>1) user does a GET request to /api/sync and the server looks for a Webmaker Auth cookie to decrypt and get the username. If it’s found, a sync token (uuid) is stored and returned. If not, 401. </p>
<p>2) user takes sync token from step 1, and connects to web socket. First protocol message is a handshake with that token. </p>
<p>3) server inspects token from user and compares to token it stored in step 1). If they match, the sync protocol continues, otherwise the server socket hangs up. </p>
<p>By its nature, MakeDrive is cross origin for every app we’ll write. Imagine it lives on drive.webmaker.org and you’re working on building awesome.webmaker.org. Or, your life could be even harder and you could be Atul working in an extension. No matter who you are, you don’t live on drive.webmaker.org, so all your calls are cross origin. </p>
<p>We’re trying to get the CORS headers right, but it seems like we can only set a single CORS domain to whitelist. Ali has more details and can reply. </p>
<p>Trying to debug this I’m starting to wonder if we’ve just got to improve how we’re doing this. There was talk about having an OAuth-type flow for Webmaker authentication, and then we could use that to pass credentials to /api/sync on the query string, and get the token that way without needing to bother with session cookies. </p>
<p>Can I get some help to figure this out? It’s going to block any serious uses of MakeDrive, and we’re pretty much ready to get an MVP deployed by the end of the week. </p>
<p>Dave </p>
<hr>
<p>Webmaker-dev mailing list
Webmaker-dev@mozilla.org
https://mail.mozilla.org/listinfo/webmaker-dev </p>
</blockquote>
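<p>Added example (not MakeDrive's code): the three-step sync-token flow described in the quoted message, as a small in-memory model. <code>SyncTokenStore</code>, <code>handleSyncRequest</code> and <code>handleHandshake</code> are hypothetical names; the JSON handshake format, the 60-second lifetime and the single-use rule are assumptions added here, not details from the thread.</p>

```javascript
'use strict';
const crypto = require('crypto');

const TOKEN_TTL_MS = 60 * 1000; // assumed lifetime; the thread does not give one

class SyncTokenStore {
  constructor(now = Date.now) {
    this.now = now;          // injectable clock, so expiry can be tested
    this.tokens = new Map(); // token -> { username, expires }
  }

  // Store a fresh uuid for a user who has already been authenticated.
  issue(username) {
    const token = crypto.randomUUID(); // random v4 uuid from the CSPRNG
    this.tokens.set(token, { username, expires: this.now() + TOKEN_TTL_MS });
    return token;
  }

  // Compare the presented token with what was stored; null means reject.
  redeem(token) {
    const entry = typeof token === 'string' ? this.tokens.get(token) : undefined;
    if (!entry) return null;
    this.tokens.delete(token); // single use: a replayed token is rejected
    return entry.expires >= this.now() ? entry.username : null;
  }
}

// Step 1: GET /api/sync. `session` stands in for the decrypted auth cookie.
function handleSyncRequest(session, store) {
  if (!session || !session.username) return { status: 401 };
  return { status: 200, token: store.issue(session.username) };
}

// Steps 2-3: first WebSocket message. Returns the username, or null,
// in which case the caller hangs up the socket.
function handleHandshake(rawMessage, store) {
  let msg;
  try {
    msg = JSON.parse(rawMessage);
  } catch (e) {
    return null; // not JSON: treat as a failed handshake
  }
  return msg && typeof msg === 'object' ? store.redeem(msg.token) : null;
}
```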
</body></html>