It can't be nginx. These are the response headers from the server and they are correct. What is confusing me is why the browser still thinks http://php.net is not allowed access when the server clearly responded with it in the Access-Control-Allow-Origin header.
On Wed, Dec 11, 2013 at 12:36 AM, Hannes Magnusson < [email protected]> wrote: > On Tue, Dec 10, 2013 at 9:26 PM, Sherif Ramadan <[email protected]> > wrote: > > > > > > > > On Tue, Dec 10, 2013 at 8:33 PM, Hannes Magnusson > > <[email protected]> wrote: > >> > >> On Tue, Dec 10, 2013 at 2:48 PM, Hannes Magnusson > >> <[email protected]> wrote: > >> > On Tue, Dec 10, 2013 at 2:41 PM, Sherif Ramadan > >> > <[email protected]> wrote: > >> >> > >> >> > >> >> > >> >> On Tue, Dec 10, 2013 at 5:30 PM, Hannes Magnusson > >> >> <[email protected]> wrote: > >> >>> > >> >>> On Tue, Dec 10, 2013 at 1:55 PM, Sherif Ramadan <[email protected]> > >> >>> wrote: > >> >>> > Commit: 540872824575ecfcdf42511a7784ccbd1d3f4e13 > >> >>> > Author: Sherif Ramadan <[email protected]> Tue, 10 Dec > >> >>> > 2013 > >> >>> > 16:55:48 -0500 > >> >>> > Parents: 92aa114f859b695b82743feba122a3b27a6925a7 > >> >>> > Branches: master > >> >>> > > >> >>> > Link: > >> >>> > > >> >>> > > http://git.php.net/?p=web/php.git;a=commitdiff;h=540872824575ecfcdf42511a7784ccbd1d3f4e13 > >> >>> > > >> >>> > Log: > >> >>> > Fix potential Access-Control-Allow-Origin bug in vote-note.php - > Bug > >> >>> > #65887 > >> >>> > > >> >>> > >> >>> Hmmmh... I already added this to prepend.inc, which this page is > >> >>> including.. Is that fix not working? > >> >>> I think its better to fix it there then specifically for this page > >> >>> only. > >> >>> > >> >>> -Hannes > >> >> > >> >> > >> >> > >> >> Apparently I did not see that. Your fix seems to be relying > >> >> $_SERVER["HTTP_ORIGIN"], but when the request comes from > http://php.net > >> >> the > >> >> Access-Control-Allow-Origin response header is always 'http://', > which > >> >> the > >> >> UA does not accept. > >> > > >> > > >> > Well.. That fix fixed the problem of loading javascript resources > >> > (such as autocopmlete) from http://www.php.net when accessing > >> > http://php.net > >> > > >> > So I'm uncertain what exactly you mean by "response header is always > >> > 'http://'" ? > >> > >> > >> > >> Duuuuude... You are totally right :) > >> It was broken, completely, except on dev setups where you don't use port > >> 80 ;) > >> > >> It is fixed now.. Can this commit be reverted now? > >> > >> -Hannes > > > > > > > > Cool, yes I will revert this in a moment. > > > I'm starting to think php.net is incorrectly configured. > Looks like its not forwarding these headers correctly from nginx->apache. > > Sascha, can you please make sure nginx isn't stripping away stuff like > this? > > > -Hannes >
