alexandrite icon indicating copy to clipboard operation
alexandrite copied to clipboard
verified publisher icon sheodox

Cannot load content from geddit.social

Open cyrneko opened this issue 2 years ago • 2 comments

https://geddit.social is a Lemmy instance hosted by @[email protected]

It is currently on version 0.18.2, which should be high enough for Alexandrite to work

However, it cannot load any content, stating that it had an error connecting.

The console says:

Access to fetch at 'https://geddit.social/api/v3/site?' from origin 'https://alexandrite.app' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header contains multiple values 'https://alexandrite.app, *', but only one is allowed. Have the server send the header with a valid value, or, if an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.

I am currently using Brave Version 1.56.11 on a Linux Desktop. Firefox and Librewolf show the same issue.

cyrneko avatar Jul 22 '23 19:07 cyrneko

Hey, this is a problem the instance admins will have to fix! Since I think version 0.18.1 of Lemmy it now sets an Access-Control-Allow-Origin header that allows web apps like Alexandrite and Voyager to communicate with Lemmy from the browser instead of having to proxy all the requests through a server. I think some instance admins had previously allowed this by configuring their web server to add Access-Control-Allow-Origin: *, but the problem is if the server responds with both the headers from Lemmy and that workaround you get into this situation, and because browsers consider two values for that header to be invalid everything that Alexandrite tries to do will fail to load like you're seeing. So the solution is just to have the instance admins remove that CORS workaround.

This same thing happened on lemmy.world after they updated a couple weeks ago. https://github.com/LemmyNet/lemmy/issues/3109#issuecomment-1627529346

sheodox avatar Jul 23 '23 20:07 sheodox

Hey, this is a problem the instance admins will have to fix! Since I think version 0.18.1 of Lemmy it now sets an Access-Control-Allow-Origin header that allows web apps like Alexandrite and Voyager to communicate with Lemmy from the browser instead of having to proxy all the requests through a server. I think some instance admins had previously allowed this by configuring their web server to add Access-Control-Allow-Origin: *, but the problem is if the server responds with both the headers from Lemmy and that workaround you get into this situation, and because browsers consider two values for that header to be invalid everything that Alexandrite tries to do will fail to load like you're seeing. So the solution is just to have the instance admins remove that CORS workaround.

This same thing happened on lemmy.world after they updated a couple weeks ago. https://github.com/LemmyNet/lemmy/issues/3109#issuecomment-1627529346

oh, good to know!

I'll inform the instance admin, thank you very much for the help!

cyrneko avatar Jul 25 '23 12:07 cyrneko