Api: JSON component definitions may have incorrect Access-Control-Allow-Origin header cached

Created on 8 Apr 2020  路  3Comments  路  Source: Bungie-net/api

See: https://github.com/DestinyItemManager/DIM/issues/5101

tl;dr: Bungie.net appears to return different Access-Control-Allow-Origin headers based on the referrer of the request to a JSON component definition (https://www.bungie.net in some cases and * in others). Whoever is first to warm up the Cloudflare cache will set the Access-Control-Allow-Origin header for the rest of the requests to the Cloudflare PoP, leading to unexpected behavior in third-party applications.

bug bug filed
Source
picture as-com

Most helpful comment

I have located two problems in our CORS processor code that seem to be related, one of which likely outright causes this problem and the other is the reason for why it is intermittent.

picture Achronos-BNG on 8 Jun 2020
2

All 3 comments

This issue is being tracked. We have a short term workaround for when it happens, but we are investigating the root cause.

Achronos-BNG picture Achronos-BNG on 4 Jun 2020

I have located two problems in our CORS processor code that seem to be related, one of which likely outright causes this problem and the other is the reason for why it is intermittent.

Achronos-BNG picture Achronos-BNG on 8 Jun 2020
2

This should be fixed now.

Achronos-BNG picture Achronos-BNG on 19 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings

Related issues

ghost picture ghost  路  3Comments
cortical-iv picture cortical-iv  路  4Comments
queuebit picture queuebit  路  3Comments
michabbb picture michabbb  路  3Comments
mikewojtkiewicz picture mikewojtkiewicz  路  3Comments