Parts of pyscript.net are failing to load due to cross-origin blocks

[danyeaw]

Hi! When signing up for the newsletter, instead of getting the expected Thank you!

I am getting a new tab opening that has a JSON success message:

If I open Firefox Web Developer Tools, and go to the Console, resources are failing to load due to Cross-Origin (CORS) blocks:

The resource at “https://groot.mailerlite.com/js/w/webforms.min.js?v2d8fb22bb5b3677f161552cd9e774127” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof). See https://developer.mozilla.org/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)# pyscript.net
The resource at “https://assets.mlcdn.com/fonts.css?version=1726484” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof). See https://developer.mozilla.org/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)# pyscript.net
The resource at “https://groot.mailerlite.com/js/w/webforms.min.js?v2d8fb22bb5b3677f161552cd9e774127” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof). See https://developer.mozilla.org/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)# pyscript.net
Loading failed for the <script> with source “https://groot.mailerlite.com/js/w/webforms.min.js?v2d8fb22bb5b3677f161552cd9e774127”. pyscript.net:1172:128
Loading failed for the <script> with source “https://cdn.heapanalytics.com/js/heap-758475466.js”. pyscript.net:1:1
[pyscript/main] PyScript Ready 2 core-BMvWRHAB.js:3:1804
The resource at “https://assets.mlcdn.com/fonts.css?version=1726484” was blocked due to its Cross-Origin-Resource-Policy header (or lack thereof). See https://developer.mozilla.org/docs/Web/HTTP/Cross-Origin_Resource_Policy_(CORP)# pyscript.net

I am also getting similar behavior in Chrome:

       Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
webforms.min.js:1 
        
       Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
cdn.heapanalytics.com/js/replay/8170-Main-prod-heap/container.js:1 
        
       Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
heapanalytics.com/h?a=758475466&u=303731537912502&v=8299932798170653&s=8446396206317250&b=web&tv=4.0&z=0&h=%2F&d=pyscript.net&t=PyScript%20is%20an%20open%20source%20platform%20for%20Python%20in%20the%20browser.&k=Screen%20Resolution&k=1920%20x%201080&ts=1737033932705&ubv=132.0.6834.84&upv=15.2.0&sch=883&scw=1686&st=1737033937706&lv=4.23.4&ld=cdn.heapanalytics.com:1 
        
       Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep
Chrome is moving towards a new experience that allows users to choose to browse without third-party cookies.

Since we are hosting pyscript.net on a S3 bucket, we may need to update the CORS configuration:
https://docs.aws.amazon.com/AmazonS3/latest/userguide/enabling-cors-examples.html

[WebReflection]

I think this is a known issue but I'll ping @FabioRosado as he might know more.

IIRC, but probably you know it already, some analytics script injects stuff and unfortunately there's no way to know if a request won't succeed until it's tried but these warnings never made our project or PSDC fail, it's just eventually an analytic issue, not our code or service.

[FabioRosado]

I'm not entirely sure as I didn't work on this, but if there are some cors issues we may need to talk with infra to see if they can be added or if we can just ignore them

[ntoll]

Isn't this just that mailerlite won't serve to our domain?

[danyeaw]

Unfortunately, it doesn't look like the changes we made to the CORS config on the Anaconda S3 infrastructure fixed the issue yet. If someone could please reopen the issue - it doesn't look like I have access 👍