CORS header/redirect issues cause geoJSON tile layer to fail on profile pages #208
Comments
|
Verified that the CORS header is present on direct requests to the API:
/tmp/api.txt: Access-Control-Allow-Methods: HEAD, OPTIONS, GET
Access-Control-Allow-Origin: *
Access-Control-Max-Age: 21600
Cache-Control: public,max-age=86400
Content-Type: application/json
Date: Mon, 28 Nov 2016 02:56:01 GMT
Server: nginx/1.4.6 (Ubuntu)
Content-Length: 16052
Connection: keep-alive |
|
This was an unintended side-effect of the changes I made to (1) support SSL on embed.censusreporter.org URLs and (2) redirection to SSL. It's fixed now, but I'll throw some extra details below to hopefully help us if we run into this in the future. Back when we added SSL support to the site, I implemented it using Amazon's free SSL certificates. The load balancer that sits in front of our instances uses the free SSL certificate to serve api.censusreporter.org and censusreporter.org over HTTPS. This worked well because the ELB would listen on 80 and 443 for HTTP and HTTPS respectively and would forward the requests on to the instances' nginx servers on port 80 with HTTP. There was no configuration or code change required for the api or django apps. However, when users visited the site on HTTPS, the vector tiles on the profile page wouldn't load because they were sent over HTTP and browsers don't like it when a secure page requests insecure content. At the time, we were serving tiles from the To solve this, I set up a CloudFront distribution using the same SSL certificate as the ELB above. The CloudFront distribution serves the Later, we wanted to redirect all of our visitors to HTTPS. To do this, I changed the nginx configuration so that it would listen to two ports: 80 and 1443. The server listening on port 80 redirects the browser to the HTTPS version of whatever URL was requested. The server listening on port 1443 would serve content without doing any redirection. Since the ELB and CloudFront are actually doing the SSL for us, neither of these servers used SSL, thus the odd 1443 port number. When I set this up, I told the ELB to direct HTTPS requests to port 1443 and regular HTTP requests to port 80. This way, when a user makes an HTTP request to api.censusreporter.org or censusreporter.org, the ELB will make the request to the nginx on port 80 and they will be redirected to the HTTPS version of the page with an HTTP 301 redirect. When they make the same request with HTTPS, it will go to nginx on port 1443 and the data will be returned directly (without a redirect). This leads us to the problem in this ticket: when the |
When loading a profile page, the expected map layer showing other geographies of the same summary level is not appearing.
In the console, errors like this appear for each tile:
I feel like something like this has happened before, but I can't recall the circumstances.
My first guess was that the CORS headers just weren't being sent for redirects, because we have the trick where it tries S3 and redirects to the API if the cache is empty.
I have verified that https://s3.amazonaws.com/embed.censusreporter.org/1.0/geo/tiger2015/tiles/050/10/275/409.geojson
is an available file. However, when trying to
curlit using the CR domain:https://embed.censusreporter.org/1.0/geo/tiger2015/tiles/050/10/275/409.geojson
I get a 301 redirect (with no CORS header, but that's beginning to look like a corollary to the real issue) The 301 comes from Cloudfront:
Here's the config for the
embed.censusreporter.orgS3 bucket:The text was updated successfully, but these errors were encountered: