Cors bug with Safari

[cdce8p]

Encountered this error today.

Opening the dev console shows:

Failed to load resource: Origin https://ichard26.github.io is not allowed by Access-Control-Allow-Origin. Status code: 421

Interestingly, it seems to work fine with Chrome. Not exactly sure what's going on here with Safari.

[ichard26]

Strange. I wonder if Safari's CORS implementation is excessively strict. Are you still encountering this issue?

Unfortunately I don't have an Apple device to test out Safari so this isn't something I can fix immediately.

[cdce8p]

Strange. I wonder if Safari's CORS implementation is excessively strict. Are you still encountering this issue?

Yes. Happy to help debug it any way I can.

I did try one more thing: Safari has a developer setting Disable cross-origin restrictions. With that I get 421 Misdirected Request responses from the API which result in SyntaxError: The string did not match the expected pattern..

Summary
URL: https://internal.floralily.dev/next-pr-number-api/?owner=psf&name=black
Status: 421
Source: Network
Address: 159.223.186.186:443
Initiator: 
main.js:33

Request
:method: GET
:scheme: https
:authority: internal.floralily.dev
:path: /next-pr-number-api/?owner=psf&name=black
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9
Connection: keep-alive
Host: internal.floralily.dev
Referer: https://ichard26.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15

Response
:status: 421
Content-Length: 173
Content-Type: text/html
Date: Sat, 12 Oct 2024 01:49:44 GMT
Server: nginx/1.22.1

Query String Parameters
owner: psf
name: black

<html>
<head><title>421 Misdirected Request</title></head>
<body>
<center><h1>421 Misdirected Request</h1></center>
<hr><center>nginx/1.22.1</center>
</body>
</html>

[ichard26]

In the logs, I only saw a 405 error being raised by the FastAPI application downstream. I have no idea why the 421 error is being thrown by Nginx (is my SSL misconfigured?). The 405 error was caused by a HEAD request, so I added HEAD support to the API. Does that help?

[cdce8p]

The 405 error was caused by a HEAD request, so I added HEAD support to the API. Does that help?

Hmm. After reloading the page a couple of times to clear the cache, it was actually working. However, somehow it just stopped again while I was writing this here. Not sure maybe some other cache that needs to be cleared first? I'll try it tomorrow.

Not sure if it helps but this is a log for one of the successful requests

Summary
URL: https://internal.floralily.dev/next-pr-number-api/?owner=psf&name=black
Status: 200
Source: Network
Address: 159.223.186.186:443
Initiator: 
main.js:33

Request
:method: GET
:scheme: https
:authority: internal.floralily.dev
:path: /next-pr-number-api/?owner=psf&name=black
Accept: */*
Accept-Encoding: gzip, deflate, br
Accept-Language: en-GB,en;q=0.9
Connection: keep-alive
Host: internal.floralily.dev
Referer: https://ichard26.github.io/
Sec-Fetch-Dest: empty
Sec-Fetch-Mode: cors
Sec-Fetch-Site: cross-site
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.1 Safari/605.1.15

Response
:status: 200
Content-Length: 4
Content-Type: application/json
Date: Sat, 12 Oct 2024 23:45:17 GMT
Server: nginx/1.22.1
Server-Timing: endpoint;dur=263.0

Query String Parameters
owner: psf
name: black