I started seeing issues when trying to add a new plugin to asset_link and that is that all plugins hosted on github fails to load with with a error in the web browser console that looks like this Access to fetch at ‘https://gist.githubusercontent.com/symbioquine/5593a2000dbd4762c090449ad89fb231/raw/0f8aef3b25a63216bde4aaf8a69260b851cf2003/QuickPhotoObservation.alink.vue’ from origin ‘https://farm.jorblad.se’ has been blocked by CORS policy: Response to preflight request doesn’t pass access control check: It does not have HTTP ok status.
This is most likely an issue with your cors config. It may be in the Drupal config file but also an issue with any reverse proxy setup.
It’s also possible that GitHub could have changed the CORS-related headers they’re sending for such requests. I’ll see if I can reproduce it on my end…
1 Like
It worked for me just now.
Probably @Farmer-Ed is right, though I can’t think what sort of bad configuration (on your end) would cause the behavior you’re seeing…
I will also try to set drupal cors settings and if I can fix it that way or if I need to see what I can do in my caddy reverse proxy. But right now I got some other issues because my truenas machine stopped working at all…
What browser are you using? Can you send a screenshot of the pre-flight request in your browser’s console?
Im using edge but its the same in safari, I’m getting http 403 but using curl or open the plugin directly in the browser works fine.
Hmmm, I’d toward putting the plugins into a farmOS module instead of running some sort of proxy to get around the CORS issue.
That said, I’m surprised it’s working for me but not working for you. (With the same plugin urls.) I thought at first it might be a difference between loading from a GitHub Gist vs a repo, but that doesn’t seem to be the case - I can also load your HarvestLogPlants.alink.vue plugin just fine.
Can you try it in Firefox (the browser I just tested in)? (To see if it’s a browser issue or an issue with your farmOS/proxy/domain configuration.)
- If it works for you in Firefox, that suggests it might be something about Edge/Safari that is stricter for these CORS-related protections.
- If it doesn’t work for you in Firefox, that suggests it might be something with how your farmOS/proxy/domain are configured.
Cors Headers are coming through in the response which is good and allowed origins is *
I think you’d get a very definite ‘origin not allowed’ or similar if it were that header that was missing
But worth looking at the other settings.
If you click the response tab (or any of the other tabs) above does it give a more detailed description?
Also worth trying in Firefox and checking the same response tab as sometimes it gives a more detailed description of the error compared to Chrome.
Will definitely try in Firefox tomorrow and see what the result is there and if I can find any more what it is that it doesn’t like.
Just tried it in Firefox and first time I got the same error but since my firefox was in swedish I figured it would be more helpful to switch to english, after I did that I don’t get that error in firefox anymore…
1 Like
As in it works as expected in English?
Yes in firefox it was so, edge however does not work in either swedish nor english. Its also possible that something else happened when I changed language in firefox that made it work but that was the only thing I know that I changed…
And now the issue is back even if I still have firefox in english so it was something else that made it look like it was working.
Request headers
OPTIONS /jorblad/FarmOS-Asset-link-plugins/development/Plants/PlantPlantsFromSeed.alink.vue HTTP/2
Host: raw.githubusercontent.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:135.0) Gecko/20100101 Firefox/135.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate, br, zstd
Access-Control-Request-Method: GET
Access-Control-Request-Headers: x-skip-cache
Referer: https://farm.jorblad.se/
Origin: https://farm.jorblad.se
Connection: keep-alive
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
Priority: u=4
TE: trailers
Response headers
HTTP/2 403
cache-control: no-cache
content-type: text/html; charset=utf-8
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
x-frame-options: deny
x-xss-protection: 0
content-security-policy: default-src 'none'; style-src 'unsafe-inline'; img-src data:;
accept-ranges: bytes
date: Tue, 11 Feb 2025 09:35:28 GMT
via: 1.1 varnish
x-served-by: cache-bma1660-BMA
x-cache: MISS
x-cache-hits: 0
x-timer: S1739266528.052642,VS0,VE5
access-control-allow-origin: *
cross-origin-resource-policy: cross-origin
x-fastly-request-id: a24d8f8aed5f20cf760102dfb4aa9a571e3c20fc
expires: Tue, 11 Feb 2025 09:40:28 GMT
vary: Authorization,Accept-Encoding
X-Firefox-Spdy: h2
I’d have been very surprised if it were related to language (but stranger things have happened).
Any more info in the other tabs (Maybe Response, or one hidden behind the chevrons). I remember having similar Cors issues myself and there being a better description of the error being other another tab.
Yes me too, but as said stranger things have happened… Response is completely empty as is Initiator on the preflight one.
My feeling is it is related to your Reverse Proxy, I’m not familiar with Caddy. But has it got CORS configured too? I think some weirdness can happen if CORS is configured at both the Reverse Proxy and your Server. If CORS is configured in your farmOS/Drupal config then you need to make sure Caddy doesn’t respond, modify or strip off any CORS headers and allows them to pass through in both directions.
I am just guessing at this stage though.
Very well could be, will be interesting to see if I get the same issue when I spin it up in kubernetes, Caddy shouldn’t touch the CORS headers but I can’t say for sure…
Found why it wouldn’t load my plugin, I had missed the .alink part of the file name. So the CORS error that I get when trying to reload a plugin from the asset link settings is something else because if I clear cache and reload it gets the latest version of the plugins and the new plugin is added.
3 Likes