FireFox 58 and https://api.steemit.com gives missing cross-domain errors.

[smjnab]

I'm sorry but I am not sure where this should go, if here, condenser or steem itself. Also, this could entirely be a FF issue or an issue with dsteem, but figured I post it FYI.

It seems that since yesterday if you try to use https://api.steemit.com for a site and view that site in FireFox 58 you'll get in the console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.steemit.com/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Using another node, such as https://gtg.steem.house:8090/ works fine.
Using Chrome/Chromium works fine.
Using FF and going directly to https://api.steemit.com works fine.

Only difference in headers seems to be in the response from api.steemit.com:
content-security-policy : upgrade-insecure-requests
X-Firefox-Spdy : h2

Possibly one of these and some changes in FF 58 (that seems to have been released yesterday) is causing it.

My use case:
I fetch my steem blog using dsteem. This was working perfectly for the 3 weeks since I created it, but last evening I noticed it was not working. Have been troubleshooting today and this is what I managed to gather (I'm not usually doing web development so really have little to no clue).

I also tested using https://playground.steem.vc and same issue there if you change the node to api.steemit.com

[jnordberg]

Thanks for the report, this is a known issue and fixed already. We expect to ship it to production soon, in the meantime feel free to use https://api.steemitstage.com (although there is no availability guarantee here)