Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

Cross site deployment (widgetset from "CDN") fails on Firefox if Responsive is used #6121

Closed
vaadin-bot opened this Issue Jan 15, 2015 · 7 comments

Comments

Projects
None yet
1 participant
Collaborator

vaadin-bot commented Jan 15, 2015

Originally by @mstahv


If widgetset is hosted from a separate domain, a security exception is raised from searchForBreakPoints method in ResponsiveConnector (if in use). This is probably a bug in FF, and it might be that there is no proper workaround, but the method should be graceful. Currently it takes down the whole application.


Imported from https://dev.vaadin.com/ issue #16249

Collaborator

vaadin-bot commented Jan 15, 2015

Originally by @jouni


Most likely not a bug, and Firefox just doesn't allow a script to inspect a stylesheet from another origin. You should in this case also serve the theme from the same CDN, I suppose.

In any case, this should not take the whole app down, it should just show an error in the console and continue working without any breakpoints defined in the stylesheet which was not parsed.

Collaborator

vaadin-bot commented Apr 15, 2015

Originally by @magi42


This problem always occurs when using web fonts from another domain, as at least Google's web fonts are loaded from a CSS file. In such UI, Responsive doesn't work in Firefox and if debug window is opened, a huge red error box displaying the SecurityError is shown.

For example, when specifying a web font such as the following for a UI:

@StyleSheet({ "http://fonts.googleapis.com/css?family=Cabin+Sketch" })

I suppose could note the incompatibility in the documentation. If this really is unfixable, perhaps there should be a warning in server log about the problem.

Collaborator

vaadin-bot commented Apr 15, 2015

Originally by @magi42


Thinking about a workaround for the issue, one solution that comes to mind is that the Vaadin servlet could fetch the stylesheet from the external server and serve it locally. The Google Fonts API probably creates the stylesheet dynamically based on browser info, so the Vaadin servlet would need to make the request with the browser info received from the user. The url() references in the Google Fonts CSS seem to be complete, but I suppose some other service might use relative URLs.

Well, that's a rather hacky solution, but anyhow wanted to mention the idea.

Of course, the easy solution is to install the needed web fonts in the same application server (such as in the Vaadin app).

Collaborator

vaadin-bot commented Apr 15, 2015

Originally by @mstahv


Like said me and Jouni, the first and critical thing to do for this would be to add the f€king try catch clause around the critical part. That would take about two minutes for someone working with the library daily and should have been fixed three months ago. Then applications wouldn't die anymore on FF, but just fall back to "desktop mode" if only CSS "hacks" are used to adapt the UI for mobile devices.

Collaborator

vaadin-bot commented Jul 7, 2015

Originally by @Legioth


I can't come up with any good way of actually getting access to the css rules of cross domain styles in firefox, but I agree that we should handle the case without red notifications. This is especially true in cases where the cross domain stylesheet isn't even carrying the application theme, but instead just e.g. loading an external web font.

Collaborator

vaadin-bot commented Jul 11, 2015

Originally by @hesara


A warning is now logged to the client side debug console/window but no critical notification dialog is shown if accessing the stylesheet fails.

@vaadin-bot vaadin-bot closed this Jul 11, 2015

@vaadin-bot vaadin-bot added the bug label Dec 10, 2016

@vaadin-bot vaadin-bot added this to the Vaadin 7.5.2 milestone Dec 10, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment