Develop Reference

How do I load a webcomponent across domains?

Can you not load webcomponents from other domains?
I'm getting a cors error in firefox/linux.
I added this to nginx but still can't load it:
add_header Access-Control-Allow-Origin *;
<html lang="en">
<head>
<meta charset="utf-8" />
<script type="module" src="//briskreader.com/components/feed-list.js"></script>
</head>
<body>
<feed-list topic="bitcoin"></feed-list>
</body>
</html>
Here's the error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://briskreader.com/components/feed-list.js. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Loading module from “http://briskreader.com/components/feed-list.js” was blocked because of a disallowed MIME type (“text/html”).
test.html
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://briskreader.com/components/feed-list.js. (Reason: CORS request did not succeed).
Heres the header from briskreader.com:
$ curl -I 'https://briskreader.com/components/feed-list.js'
HTTP/2 200
server: nginx/1.18.0 (Ubuntu)
date: Sun, 21 Nov 2021 06:30:51 GMT
content-type: application/javascript
content-length: 2187
expires: Sun, 21 Nov 2021 06:30:50 GMT
cache-control: no-cache
cache-control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
access-control-allow-origin: *
accept-ranges: bytes

Web components has nothing to do with CORS. The attribute type="module" on <script> tag causes the CORS request. Unlike classic scripts, module scripts require the use of the CORS protocol for cross-origin fetching.
Next this line add_header Access-Control-Allow-Origin *; is useless on origin domain. You must set Access-Control-Allow-Origin header on briskreader.com domain. If you do not control briskreader.com, then consider using classical script. You can still use Web components with classical script.

Forcing browser not to cache via headers and file versioning seems not to work

I have single page application that is frequently updated and I need a way to prevent browsers to cache my web app.
I have added
<meta http-equiv="Cache-Control" content="no-cache, no-store, must-revalidate">
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="Expires" content="0">
to my headers. I also use file versioning and update my file names according to the newest version.
But to my observations, google chrome always caches my application.
What may be the root cause here?
On a different platform, I have read that using no-cache , no-store and must-revalidate may cause conflicts and the browser may choose to use whichever it want, I have yet to find further proof of that statement. AFAIK the browser should use the most restrictive statement.
Here are my response headers:
Accept-Ranges: bytes
Cache-Control: max-age=31536000
Cache-Control: no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0
Connection: keep-alive
Content-Length: 312
Content-Type: application/json
Date: Mon, 11 Oct 2021 22:01:42 GMT
ETag: "61643c76-138"
Last-Modified: Monday, 11-Oct-2021 22:01:42 GMT
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff

What software produces this pattern of redirect?

I am trying to activate HTTPS on my website but something is producing a redirect from HTTPS to a subdomain. Web guy says its the server. Server guy says its the app. I checked the vhost and httpd.conf and there is no redirect that matches. The application is Wordpress but there is no instance of the subdomain existing in the database or the source code.
Please take a look at the server response. Do you recognize what software produces this pattern of response?
$ curl -i https://www.example.com
HTTP/1.1 200 OK
Date: Tue, 23 Jan 2018 17:06:20 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/7.1.11
Last-Modified: Tue, 13 Jun 2006 16:25:18 GMT
ETag: "9b-4161d83351780"
Accept-Ranges: bytes
Content-Length: 155
Content-Type: text/html; charset=UTF-8
<html>
<head>
<META HTTP-EQUIV="Refresh"
CONTENT="0; URL=http://somewhereelse.example.com">
<title> redirecting...
</title></head>
<body> </body>
</html>

client side caching happening despite version in url

We seems to be having an issue with a css file caching on the client. I generally stop this from causing issue by adding a version number to the file, i.e.
<link href="Default.css?4.31.0.17051" rel="stylesheet" type="text/css">
But in this circumstance this isn't working and I don't understand why.
The version number was incremented last night from 4.30.0.xxxxx to 4.31.0.17051
Some users, and I've seen it myself, are getting a HTTP 304 response. What's strange is if I inspect it using the IE dev tools it shows a HTTP 304, if I fire up fiddler it doesn't show any request at all.
Content caching is not enabled on the server.
Here's the HTTP header if I do a ctrl-f5:
HTTP/1.1 200 OK
Content-Length: 45861
Content-Type: text/css
Last-Modified: Tue, 23 Jul 2013 14:19:40 GMT
Accept-Ranges: bytes
ETag: "0a61aabaf87ce1:bdba"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 30 Jul 2013 16:05:54 GMT
So:
why don't I see this in fiddler? is it not sending the request at all as this question suggests (https://stackoverflow.com/a/8958279/542251)
Why isn't this cache control (i.e. adding the ?4.31.0.17051 to the file) working?
EDIT
I've now touched the file, to update the Last-modified date but it's still not requesting it.
So the page is returning a HTTP 200, so this isn't the page caching as suggested below:
Request:
GET http://www.mysite.com/Agent/Hotel HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.mysite.com/Agent/Flights
Accept-Language: en-GB
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.mysite.com
Connection: Keep-Alive
Response:
HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 53184
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
X-AspNetMvc-Version: 3.0
Date: Wed, 31 Jul 2013 08:33:25 GMT
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link href="Default.css?4.31.0.17051" rel="stylesheet" type="text/css" />
.........

As noted in my answer that you cited, the F12 Tools can show a HTTP/304 when the response was really served from the cache. If you don't see the request in Fiddler, it wasn't sent over the network.
Are you sure that the page that refers to the CSS file wasn't pulled from the cache? If it were, then you'd still have the old URL reference. (Look carefully at the CSS request's URL in the F12 tools, as the URL will be accurate even if the "304" was not).
Two points:
- What does "Why isn't this cache control working?" mean? Your HTTP-response headers don't include any Cache-Control directives.
- Changing the Last-Modified date on the server obviously isn't something the client will know about unless it actually issues a Conditional GET request to the server.

So I got a solution but not necessarily an answer.
In the end I updated the tag on the site to:
<link href="Default.css?v=4.31.0.17051" rel="stylesheet" type="text/css">
I'm not sure if adding the v= turning it into a valid querystring was the solution or whether it was just the fact that I altered the URL again solved this issue.
I haven't been able to replicate this issue in staging so I don't really know how or why this started happening.

symfony2 http 403 error (access denied) for CSS file

I have a very weird situation, one of my CSS files is not able to load, I see HTTP 403 error in firebug.
My twig:
<head>
{% block head %}
<script type="text/javascript" src="/bundles/my/js/jquery.min.js"></script>
<script type="text/javascript" src="/bundles/my/js/jquery-ui.min.js</script>
<link rel="stylesheet" href="/bundles/my/css/Aristo/Aristo.css" />
<link rel="stylesheet" href="/bundles/my/css/style.css" />
{% endblock %}
</head>
My files structure:
I've run php app/console assets:install web --symlink successfully
app/console assetic:dump returns:
Dumping all dev assets.
Debug mode is on.
Note: js/jquery.min.js, js/jquery-ui.min.js and css/style.css loads fine, only Aristo/Aristo.css yells HTTP 403 error
Edit
GET http://my.local/bundles/my/css/Aristo/Aristo.css
Response message:
Response Header
HTTP/1.1 403 Forbidden
Date: Thu, 04 Jul 2013 18:28:36 GMT
Server: Apache/2.2.22 (Ubuntu)
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 260
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Response HTML:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /bundles/my/css/Aristo/Aristo.css
on this server.</p>
<hr>
<address>Apache/2.2.22 (Ubuntu) Server at my.local Port 80</address>
</body></html>
Can anyone advise?
Thanks

You may use asset instead of direct path to your ressources :
<link href="{{ asset('css/Aristo/Aristo.css') }}" rel="stylesheet" type="text/css" />
see: http://symfony.com/doc/current/book/templating.html#linking-to-assets
Hope it's helpful
Best regard