<html xmlns="http://www.w3.org/1999/xhtml"><head>
<style type="text/css">body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
padding:1em;
margin:auto;
background:#fefefe;
}
h1, h2, h3, h4, h5, h6 {
font-weight: bold;
}
h1 {
color: #000000;
font-size: 28pt;
}
h2 {
border-bottom: 1px solid #CCCCCC;
color: #000000;
font-size: 24px;
}
h3 {
font-size: 18px;
}
h4 {
font-size: 16px;
}
h5 {
font-size: 14px;
}
h6 {
color: #777777;
background-color: inherit;
font-size: 14px;
}
hr {
height: 0.2em;
border: 0;
color: #CCCCCC;
background-color: #CCCCCC;
}
p, blockquote, ul, ol, dl, li, table, pre {
margin: 15px 0;
}
a, a:visited {
color: #4183C4;
background-color: inherit;
text-decoration: none;
}
#message {
border-radius: 6px;
border: 1px solid #ccc;
display:block;
width:100%;
height:60px;
margin:6px 0px;
}
button, #ws {
font-size: 12 pt;
padding: 4px 6px;
border-radius: 5px;
border: 1px solid #bbb;
background-color: #eee;
}
code, pre, #ws, #message {
font-family: Monaco;
font-size: 10pt;
border-radius: 3px;
background-color: #F8F8F8;
color: inherit;
}
code {
border: 1px solid #EAEAEA;
margin: 0 2px;
padding: 0 5px;
}
pre {
border: 1px solid #CCCCCC;
overflow: auto;
padding: 4px 8px;
}
pre > code {
border: 0;
margin: 0;
padding: 0;
}
#ws { background-color: #f8f8f8; }
.bloop_markdown table {
border-collapse: collapse;
font-family: Helvetica, arial, freesans, clean, sans-serif;
color: rgb(51, 51, 51);
font-size: 15px; line-height: 25px;
padding: 0; }
.bloop_markdown table tr {
border-top: 1px solid #cccccc;
background-color: white;
margin: 0;
padding: 0; }
.bloop_markdown table tr:nth-child(2n) {
background-color: #f8f8f8; }
.bloop_markdown table tr th {
font-weight: bold;
border: 1px solid #cccccc;
margin: 0;
padding: 6px 13px; }
.bloop_markdown table tr td {
border: 1px solid #cccccc;
margin: 0;
padding: 6px 13px; }
.bloop_markdown table tr th :first-child, table tr td :first-child {
margin-top: 0; }
.bloop_markdown table tr th :last-child, table tr td :last-child {
margin-bottom: 0; }
.bloop_markdown blockquote{
border-left: 4px solid #dddddd;
padding: 0 15px;
color: #777777; }
blockquote > :first-child {
margin-top: 0; }
blockquote > :last-child {
margin-bottom: 0; }
.send { color:#77bb77; }
.server { color:#7799bb; }
.error { color:#AA0000; }</style>
<style type="text/css">body {
font-family: "Helvetica Neue", Helvetica, Arial, sans-serif;
padding:1em;
margin:auto;
background:#fefefe;
}
h1, h2, h3, h4, h5, h6 {
font-weight: bold;
}
h1 {
color: #000000;
font-size: 28pt;
}
h2 {
border-bottom: 1px solid #CCCCCC;
color: #000000;
font-size: 24px;
}
h3 {
font-size: 18px;
}
h4 {
font-size: 16px;
}
h5 {
font-size: 14px;
}
h6 {
color: #777777;
background-color: inherit;
font-size: 14px;
}
hr {
height: 0.2em;
border: 0;
color: #CCCCCC;
background-color: #CCCCCC;
}
p, blockquote, ul, ol, dl, li, table, pre {
margin: 15px 0;
}
a, a:visited {
color: #4183C4;
background-color: inherit;
text-decoration: none;
}
#message {
border-radius: 6px;
border: 1px solid #ccc;
display:block;
width:100%;
height:60px;
margin:6px 0px;
}
button, #ws {
font-size: 12 pt;
padding: 4px 6px;
border-radius: 5px;
border: 1px solid #bbb;
background-color: #eee;
}
code, pre, #ws, #message {
font-family: Monaco;
font-size: 10pt;
border-radius: 3px;
background-color: #F8F8F8;
color: inherit;
}
code {
border: 1px solid #EAEAEA;
margin: 0 2px;
padding: 0 5px;
}
pre {
border: 1px solid #CCCCCC;
overflow: auto;
padding: 4px 8px;
}
pre > code {
border: 0;
margin: 0;
padding: 0;
}
#ws { background-color: #f8f8f8; }
.bloop_markdown table {
border-collapse: collapse;
font-family: Helvetica, arial, freesans, clean, sans-serif;
color: rgb(51, 51, 51);
font-size: 15px; line-height: 25px;
padding: 0; }
.bloop_markdown table tr {
border-top: 1px solid #cccccc;
background-color: white;
margin: 0;
padding: 0; }
.bloop_markdown table tr:nth-child(2n) {
background-color: #f8f8f8; }
.bloop_markdown table tr th {
font-weight: bold;
border: 1px solid #cccccc;
margin: 0;
padding: 6px 13px; }
.bloop_markdown table tr td {
border: 1px solid #cccccc;
margin: 0;
padding: 6px 13px; }
.bloop_markdown table tr th :first-child, table tr td :first-child {
margin-top: 0; }
.bloop_markdown table tr th :last-child, table tr td :last-child {
margin-bottom: 0; }
.bloop_markdown blockquote{
border-left: 4px solid #dddddd;
padding: 0 15px;
color: #777777; }
blockquote > :first-child {
margin-top: 0; }
blockquote > :last-child {
margin-bottom: 0; }
.send { color:#77bb77; }
.server { color:#7799bb; }
.error { color:#AA0000; }</style>
<style type="text/css">body{font-family:Helvetica,Arial;font-size:13px}</style>
<title></title>
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
I got it working!!! I had to do this<div class="bloop_markdown">
<pre><code>app.use( middleware.crossOriginHandler );</code><br></pre>
<p></p>
</div>
<div class="bloop_original_html">
<div class="bloop_markdown">
<p></p>
</div>
<div class="bloop_original_html">
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">
Which is now allowing me to access from that two domains as we expected it to be :)
</div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;"><br></div><div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">Thank you guys!</div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">
<div>
<br>
</div>
</div>
<div id="bloop_customfont" style="font-family:Helvetica,Arial;font-size:13px; color: rgba(0,0,0,1.0); margin: 0px; line-height: auto;">
<br>
</div>
<div id="bloop_sign_1406064905877376000" class="bloop_sign">
<div style="font-family:helvetica,arial;font-size:13px">-- <br>
Ali Al Dallal<br>
Sent with Airmail
</div>
</div>
<br>
<p style="color:#000;">On July 22, 2014 at 5:32:55 PM, Kate Hudson (<a href="mailto:kate@mozillafoundation.org">kate@mozillafoundation.org</a>
) wrote:
</p>
<blockquote type="cite" class="clean_bq">
<div style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div>
<span>One thing I notice is that you need to add 'Access-Control-Allow-Headers’, and include a list of all headers you’re sending</span>
<div>
<span>
<br>
</span>
</div>
<div>
<span>- K<br>
</span>
<div>
<span>
<br>
</span>
</div>
<div>
<div>
<span>On Jul 22, 2014, at 5:31 PM, Ali Al Dallal <<a href="mailto:alihuda2002@gmail.com">alihuda2002@gmail.com</a>
> wrote:</span>
</div>
<span>
<br class="Apple-interchange-newline">
</span>
<blockquote type="cite">
<div style="font-family: 'Helvetica Neue', Helvetica, Arial, sans-serif; padding: 1em; margin: auto; background-color: rgb(254, 254, 254); font-size: 12px; font-style: normal; font-variant: normal; font-weight: normal; letter-spacing: normal; line-height: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px;">
<p style="margin: 15px 0px;">
<span>The problem that I’m facing right now is that I’m trying to access MakeDrive server using Appmaker and Nimble (Brackets running in web apache).</span>
</p>
<p style="margin: 15px 0px;">
<span>I have both running locally appmaker=localhost:5001 and nimble=localhost:9001</span>
</p>
<p style="margin: 15px 0px;">
<span>And I have this code</span>
</p>
<pre style="margin: 15px 0px; font-family: Monaco; font-size: 10pt; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); color: inherit; border: 1px solid rgb(204, 204, 204); overflow: auto; padding: 4px 8px;"> <span>
<code style="font-family: Monaco; font-size: 10pt; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); color: inherit; border: 0px; margin: 0px; padding: 0px;">crossOriginHandler: function( req, res, next ) {
f (env.get("ALLOWED_CORS_DOMAINS").indexOf(req.headers.origin) > -1) {
res.header('Access-Control-Allow-Origin', req.headers.origin);
res.header('Access-Control-Allow-Credentials', true);
}
next();
},
</code>
</span>
</pre>
<p style="margin: 15px 0px;">
<span>The problem here is that only Nimble can access but Appmaker getting this error</span>
</p>
<p style="margin: 15px 0px;">
<span>
<code style="font-family: Monaco; font-size: 10pt; border-top-left-radius: 3px; border-top-right-radius: 3px; border-bottom-right-radius: 3px; border-bottom-left-radius: 3px; background-color: rgb(248, 248, 248); color: inherit; border: 1px solid rgb(234, 234, 234); margin: 0px 2px; padding: 0px 5px;">Imported resource from origin '<a href="http://localhost:9090'" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">http://localhost:9090'</a>
<span class="Apple-converted-space"> </span>
has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin '<a href="http://localhost:5001'" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">http://localhost:5001'</a>
<span class="Apple-converted-space"> </span>
is therefore not allowed access.</code>
</span>
</p>
<p style="margin: 15px 0px;">–<br>
Ali Al Dallal<br>
Sent with Airmail
</p>
<p style="margin: 15px 0px;">On July 22, 2014 at 5:21:35 PM, Jon Buckley (<a href="mailto:jon@mozillafoundation.org">jon@mozillafoundation.org</a>
) wrote:
</p>
<p style="margin: 15px 0px;">Ali, can you explain the CORS issues in depth or point me at a bug? We have multiple CORS domains set on our events API: <a href="https://github.com/mozilla/webmaker-events-service/blob/master/routes/cors.js">https://github.com/mozilla/webmaker-events-service/blob/master/routes/cors.js</a>
</p>
<p style="margin: 15px 0px;">On Jul 22, 2014, at 4:42 PM, David Humphrey<span class="Apple-converted-space"> </span>
<a href="mailto:david.humphrey@senecacollege.ca" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">david.humphrey@senecacollege.ca</a>
<span class="Apple-converted-space"> </span>
wrote:
</p>
<blockquote style="margin: 15px 0px;">
<p style="margin: 0px 0px 15px;">We need a hand getting the MakeDrive authentication story figured out, specifically so we can work in a Webmaker Auth environment. I’ve had bits and pieces of this conversation with wex/jbuck, but I need more help.
</p>
<p style="margin: 15px 0px;">MakeDrive is:
</p>
<ul style="margin: 15px 0px;">
<li style="margin: 15px 0px;">
<p style="margin: 15px 0px;">a Webmaker service that doesn’t manage authentication (you don’t sign-in/sign-out of MakeDrive), but it (currently) uses Webmaker auth info stored on the session cookie.
</p>
</li>
<li style="margin: 15px 0px;">
<p style="margin: 15px 0px;">based on WebSockets. Everything involved in syncing happens over a socket.
</p>
</li>
<li style="margin: 15px 0px;">
<p style="margin: 15px 0px;">but the very first connection has to be to get a token to give the socket, so we know that you are who you say you are.
</p>
</li>
</ul>
<p style="margin: 15px 0px;">At the moment, we do this:
</p>
<p style="margin: 15px 0px;">1) user does a GET request to /api/sync and the server looks for a Webmaker Auth cookie to decrypt and get the username. If it’s found, a sync token (uuid) is stored and returned. If not, 401.
</p>
<p style="margin: 15px 0px;">2) user takes sync token from step 1, and connects to web socket. First protocol message is a handshake with that token.
</p>
<p style="margin: 15px 0px;">3) server inspects token from user and compares to token it stored in step 1). If they match, the sync protocol continues, otherwise the server socket hangs up.
</p>
<p style="margin: 15px 0px;">By its nature, MakeDrive is cross origin for every app we’ll write. Imagine it lives on <a href="http://drive.webmaker.org">drive.webmaker.org</a>
and you’re working on building <a href="http://awesome.webmaker.org">awesome.webmaker.org</a>
. Or, your life could be even harder and you could be Atul working in an extension. No matter who you are, you don’t live on <a href="http://drive.webmaker.org">drive.webmaker.org</a>
, so all your calls are cross origin.
</p>
<p style="margin: 15px 0px;">We’re trying to get the CORS headers right, but it seems like we can only set a single CORS domain to whitelist. Ali has more details and can reply.
</p>
<p style="margin: 15px 0px;">Trying to debug this I’m starting to wonder if we’ve just got to improve how we’re doing this. There was talk about having a oauth type flow for Webmaker authentication, and then we could use that to pass credentials to /api/sync on the query string, and get the token that way without needing to bother with session cookies.
</p>
<p style="margin: 15px 0px;">Can I get some help to figure this out? It’s going to block any serious uses of MakeDrive, and we’re pretty much ready to get an MVP deployed by the end of the week.
</p>
<p style="margin: 15px 0px;">Dave
</p>
<hr style="height: 0.2em; border: 0px; color: rgb(204, 204, 204); background-color: rgb(204, 204, 204);">
<p style="margin: 15px 0px 0px;">Webmaker-dev mailing list <a href="mailto:Webmaker-dev@mozilla.org">Webmaker-dev@mozilla.org</a>
<a href="https://mail.mozilla.org/listinfo/webmaker-dev">https://mail.mozilla.org/listinfo/webmaker-dev</a>
</p>
</blockquote>
<hr style="height: 0.2em; border: 0px; color: rgb(204, 204, 204); background-color: rgb(204, 204, 204);">
<p style="margin: 15px 0px;">Webmaker-dev mailing list <a href="mailto:Webmaker-dev@mozilla.org">Webmaker-dev@mozilla.org</a>
<a href="https://mail.mozilla.org/listinfo/webmaker-dev">https://mail.mozilla.org/listinfo/webmaker-dev</a>
</p>
_______________________________________________<br>
Webmaker-dev mailing list<br>
<a href="mailto:Webmaker-dev@mozilla.org" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">Webmaker-dev@mozilla.org</a>
<br>
<a href="https://mail.mozilla.org/listinfo/webmaker-dev" style="color: rgb(65, 131, 196); background-color: inherit; text-decoration: none;">https://mail.mozilla.org/listinfo/webmaker-dev</a>
<br>
</div>
</blockquote>
</div>
<br>
</div>
<hr>
</div>
</div>
</blockquote>
</div>
<div class="bloop_markdown">
<p></p>
</div>
</div>
<div class="bloop_markdown">
<p></p>
</div>
</body></html>