Only www.slideshare.net fails to pick up the CORS policy settings #79

Closed
yasulab opened this Issue Jan 2, 2017 · 9 comments

@yasulab
Member

yasulab commented Jan 2, 2017

The Facebook, Twitter, and Hatena embeds worked fine, but for some reason only the www.slideshare.net embed can't be handled. What to do... 🤔 (Possibly: is it related to SlideShare not supporting HTTPS?)

Access to Font at 'http://public.slidesharecdn.com/fonts/fontawesome-webfont.woff2?v=4.3.0?cb=1481840525' from origin 'http://www.slideshare.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.slideshare.net' is therefore not allowed access.

@yasulab

Member

yasulab commented Jan 5, 2017

I wonder if it gets rejected because the headers SlideShare returns are all lowercase. In Safari there's no problem > CORS

access-control-allow-credentials:false
access-control-allow-headers:*
access-control-allow-methods:GET
access-control-allow-origin:*
access-control-max-age:86400

@yasulab

Member

yasulab commented Jan 5, 2017

It says "a case-sensitive match" all over the place, but since it's a Recommendation, maybe Safari just doesn't care 🤔

If the value of Access-Control-Allow-Origin is not a case-sensitive match for the value of the Origin header as defined by its specification, return fail and terminate this algorithm.
Cross-Origin Resource Sharing https://www.w3.org/TR/cors/

@yasulab

Member

yasulab commented Jan 5, 2017

Conclusion: it looks hard to handle on our side. I guess we either work around it or ignore it 🤔

@hanachin

Contributor

hanachin commented Jan 5, 2017

About all we can do on our end is contact SlideShare.

@yasulab

Member

yasulab commented Jan 5, 2017

I sent an inquiry anyway, not expecting much! 📨

Hi, I have found that slideshare.net wrongly uses 'access-control-allow-origin: *' in the header. According to the specification, it should be case-sensitive.

If the value of Access-Control-Allow-Origin is not a case-sensitive match for the value of the Origin header as defined by its specification, return fail and terminate this algorithm.
Cross-Origin Resource Sharing https://www.w3.org/TR/cors/

Because of this problem, for example, when you visit https://coderdojo.jp with Google Chrome, your console says the following error:

Access to Font at 'http://public.slidesharecdn.com/fonts/fontawesome-webfont.woff2?v=4.3.0?cb=1481840525' from origin 'http://www.slideshare.net' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.slideshare.net' is therefore not allowed access.

I hope this will be fixed soon.

Best,
Yohei

@yasulab

Member

yasulab commented Jan 6, 2017

Hmm, well, there's precedent so I wasn't expecting much, but as I thought, it looks like they won't address it 😭 (It might be quicker to just stop using SlideShare 🤔)

Hi Yohei,

Thank you for contacting me about having issues with our SlideShare API. SlideShare's API is available free for non-commercial use. Visit our Developers & API page for more information and to apply for an API Key. (http://www.slideshare.net/developers)

In the future, please get in direct contact with their Partner Engineering representative rather than using help.linkedin.com as we do not provide personalized support for the general developer community beyond the resources we make available on http://www.slideshare.net/developers or developer.linkedin.com (e.g. the FAQ, documentation, etc.)
All the best,

Allison
LCS Support Specialist - Mobile

@yasulab

Member

yasulab commented Jan 10, 2017

After trying hard to explain this and that, they've at least agreed to escalate it 😸

Thank you for the information and as stated, this particular issue will need to be escalated to our internal research team. I understand this may be frustrating but as soon as I get an update, I'll let you know.

(The rest is up to them, I guess 🤔)

@yasulab yasulab self-assigned this Jan 15, 2017

@yasulab

Member

yasulab commented Jan 26, 2017

Oh, they say they're actually going to address it :) (yay)

Thanks for your patience while our research team looked into this. They have found that what you've encountered is a known issue and I'm very sorry for the inconvenience. Our engineering team is working on it but there's no estimate as to how long that might take. We'll do our best to keep you posted.

@yasulab

Member

yasulab commented Feb 21, 2017

We've done everything we can on our side, so I'm going to close this Issue while hoping they address it on theirs 🙏 (since there seems to be nothing more we can do on our side)

@yasulab yasulab closed this Feb 21, 2017
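
The resource sharing check quoted in this thread from the W3C CORS specification (section 7.2), written out as an added example that is not code from the project or from any commenter: the case-sensitive comparison applies to the header's value against the Origin value, while the field name is looked up case-insensitively per RFC 7230. Function and variable names are hypothetical, and every sample header set other than the one posted in the thread is constructed.

```javascript
// Simplified resource sharing check from W3C CORS section 7.2 (added example).
// Field NAMES are looked up case-insensitively (RFC 7230 section 3.2);
// only the VALUE is compared case-sensitively against the Origin value.

function headerValues(headers, name) {
  const wanted = name.toLowerCase();
  return headers
    .filter(([field]) => field.toLowerCase() === wanted)
    .map(([, value]) => value.trim());
}

function resourceSharingCheck(headers, origin, omitCredentials) {
  const allowOrigin = headerValues(headers, 'Access-Control-Allow-Origin');
  if (allowOrigin.length !== 1) {
    return { pass: false, reason: 'zero or multiple Access-Control-Allow-Origin values' };
  }
  if (allowOrigin[0] === '*' && omitCredentials) {
    return { pass: true, reason: 'wildcard, credentials omitted' };
  }
  if (allowOrigin[0] !== origin) {
    return { pass: false, reason: 'value is not a case-sensitive match for Origin' };
  }
  if (!omitCredentials) {
    const allowCreds = headerValues(headers, 'Access-Control-Allow-Credentials');
    if (allowCreds.length !== 1 || allowCreds[0] !== 'true') {
      return { pass: false, reason: 'credentials not allowed' };
    }
  }
  return { pass: true, reason: 'origin matched' };
}

// Header lines as [name, value] pairs.
const ORIGIN = 'http://www.slideshare.net'; // Origin from the console error on this page
const lowercaseWildcard = [                 // the header set posted in the thread
  ['access-control-allow-credentials', 'false'],
  ['access-control-allow-headers', '*'],
  ['access-control-allow-methods', 'GET'],
  ['access-control-allow-origin', '*'],
  ['access-control-max-age', '86400'],
];
const noCorsHeaders = [['content-type', 'font/woff2']]; // constructed: header absent
const wrongCaseValue = [['Access-Control-Allow-Origin', 'http://WWW.slideshare.net']]; // constructed

function demo() {
  return [lowercaseWildcard, noCorsHeaders, wrongCaseValue]
    .map((h) => resourceSharingCheck(h, ORIGIN, true));
}
console.log(demo());
```

When debugging a report like this one, compare the headers on the exact blocked resource URL rather than on the embedding page, since each response is checked on its own.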
