-
Notifications
You must be signed in to change notification settings - Fork 23
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORS issue while fetch assets #30
Comments
I'm experimenting the same issue when injecting this component into an OpenEdx instance. Hope it will be fixed soon. |
Hello folks, we've been using the 3.6.0 for quite some time and it was working as expected. However, one of my teammates found this issue in their remote environments. @ziafazal: this issue might be something affecting some of the H5P xblock adopters. Can we do something in the meantime? Like the hotfix @igobranco proposed. |
The h5p-standalone added credentials mode to be 'include' that breaks when loading h5p content from an external storage (S3). So the current solution is to use an older version of the h5p-standalone version (v3.5.1). fixes edly-io#30 relates to tunapanda/h5p-standalone#151
@ziafazal @mariajgrimaldi and @yagouam I've opened a PR #31 with my fix. |
I'll deploy the fix in our environment to test it out. Thanks @igobranco! |
@igobranco @mariajgrimaldi thanks for escalating this and relevant PR. BTW you upstream PR got approved too. Wondering if we can get a new version of h5p-standalone package that would be great. |
This issue looks like it's been happening for some time: master...open-craft:h5pxblock:farhaan/cors-issue-method I'll include @farhaanbukhsh in this thread since he's the author of those commits. |
@igobranco @mariajgrimaldi I have tested using H5P xblock's latest version with S3 storage and it works fine. I think issue stem from your S3 bucket's Cross-origin resource sharing (CORS) configuration. If you have set My S3 bucket's CORS
|
@ziafazal You are correct, and the reason I forked and made those changes is that we are using DO spaces and they have a bug while setting |
I finally tested H5P again in an installation with MinIO, and it worked; that's the installation I mentioned here that's been working fine with 3.6.0. I'll share this solution with my teammates who have access to installations with S3 and other providers. Thank you folks. |
@ziafazal you are right. In the past I've included configured the I've installed again the h5pxblock with the <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
<AllowedOrigin>https://lms.dev.nau.fccn.pt</AllowedOrigin>
<AllowedOrigin>https://partner-site.dev.nau.fccn.pt</AllowedOrigin>
<AllowedOrigin>https://studio.dev.nau.fccn.pt</AllowedOrigin>
<AllowedMethod>GET</AllowedMethod>
<AllowedMethod>POST</AllowedMethod>
<AllowedMethod>DELETE</AllowedMethod>
<AllowedMethod>PUT</AllowedMethod>
<AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration> Then I view this error:
I think this is an issue related to the difference implementation of AWS S3 and Ceph S3. I understand that this xblock doesn't need a fix for a specific environment. |
Upgrade h5p-standalone to `3.7.0` version. Release notes: https://github.com/tunapanda/h5p-standalone/releases/tag/v3.7.0 Bug Fixes: - CORS issue while fetch assets - library not use assetsRequestFetchOptions tunapanda/h5p-standalone#151 edly-io#30
The error reported by the console is
CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'
.The h5p-standalone version 3.6.0 introduced a new feature accept override of assets fetch function. On the code is the
assetsRequestFetchOptions
option.This feature has included the
credentials
property while fetching assets (using the Fetch API) with theinclude
value instead of the defaultsame-origin
.This breaking change, I think, makes the loading of H5P content from a different domain not possible, like when using a S3 Bucket.
I've opened an issue to the h5p-standalone project tunapanda/h5p-standalone#151 but also a PR tunapanda/h5p-standalone#152
Meanwhile and temporary we at nau.edu.pt are using a forked branch with an applied hot fix that uses the older h5p-standalone v3.5.1 that doesn't have this issue.
The text was updated successfully, but these errors were encountered: