New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
(#4189) - better CORS error message #4190
Conversation
This is such a good change, thanks a lot @nolanlawson . It's going to help so many people. 💃 |
Cripes, it would have helped me. :) I was scratching my head over this bug for a good 20 minutes recently, before I realized I forgot to enable CORS. 😛 |
This PR breaks Firefox and I cannot reproduce. |
Looks like Travis is using an older version of Firefox that still has that blob+ajax bug. I think this is a good time to just simplify |
Actually, it just occurred to me that that can't possibly be the issue. I think I'm just going to scale back the ambition of this PR and make it only log a warning, not try to refactor the error code. |
Green! :) |
Nice, ac56d71 |
There's a problem with this change: CORS issues are indistinguishable from other network problems by design. You simply can't really check for this. I'm afraid this change needs to be backed out. For context, I just spent 20min looking at the code and trying to figure out why I was getting a CORS error for a request that wasn't even cross-domain :) |
The vast majority of our users come up against statusCode 0 due to cors, the wording could be a little bit clearer with some bikeshedding, but this doesnt need backed out |
Sure, that works too. Note that in the specific instance that I've bumped into the |
Agree we should change the error message to say something like
|
Is it possible to detect that header and only show the message if it isn't there? |
Apparently no. I think it makes more sense to soften the warning message. Or just remove it. For the record, to everybody saying they wasted time because of this message: I apologize, but keep in mind we've been hearing for years that new users forget to enable CORS, and spend a lot of time hunting down the error. |
Being that this is a PR with code against it, fairly confusing to have it open, lets close this and reopen the issue filed - #4256 |
@nolanlawson FWIW no need to apologise, you tried to solve a real problem, nothing wrong with that. It's unfortunate that the Web's security model relies on hiding this sort of information. |
This adds a console error for browser users when we detect CORS is unavailable, and it also uses a custom 405 error instead of "UnknownError".
Here's what it looks like in Chrome:
And in Firefox: