Ricardo Wurmus writes: > Ludovic Courtès <l...@gnu.org> writes: > >> Roel Janssen <r...@gnu.org> skribis: >> >>> We need to add the following line to the response header at >>> hydra.gnu.org: >>> >>> Access-Control-Allow-Origin: "http://www.gnu.org"; >>> >>> Here's how to do it: >>> http://enable-cors.org/server_nginx.html >>> >>> Which boils down to adding this line to the nginx config: >>> add_header 'Access-Control-Allow-Origin' 'http://www.gnu.org'; >> >> OK, I’ve done that for /api requests (with the full URI, that is >> <https://www.gnu.org/software/guix/packages/> and variants thereof). >> Now, when clicking on “Expand”, IceCat no longer complains about CORS, >> but it fails to expands and reports this: >> >> Blocked loading mixed active content >> >> "http://hydra.gnu.org/api/latestbuilds?nr=1&project=gnu&jobset=master&job=adwaita-icon-theme-3.18.0.x86_64-linux"; >> >> with a link to: >> >> https://developer.mozilla.org/en-US/docs/Security/MixedContent > > This is because the current page is encrypted but the content from hydra > is not. Can we serve hydra.gnu.org/api over HTTPS?
I think that would fix this problem. However, if I browse explicitly to: http://gnu.org/software/guix/packages (the insecure version), I get the following error message: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://hydra.gnu.org/api/latestbuilds?nr=1&project=gnu&jobset=master&job=acme-0.2.0.i686-linux. (Reason: CORS header 'Access-Control-Allow-Origin' does not match 'https://www.gnu.org/software/guix/packages, https://www.gnu.org/software/guix/packages/, https://www.gnu.org/software/guix/packages/index.html, https://gnu.org/software/guix/packages/, http://www.gnu.org/software/guix/packages, http://www.gnu.org/software/guix/packages/, http://www.gnu.org/software/guix/packages/index.html, http://gnu.org/software/guix/packages/'). This is because (at least in my browser), the origin is set to "http://www.gnu.org"; instead of the full path. So could you include "http://www.gnu.org"; in the list as well? Thanks, Roel
