From mboxrd@z Thu Jan  1 00:00:00 1970
From: Danny Milosavljevic <dannym@scratchpost.org>
Subject: Re: GSoC: Adding a web interface similar to the Hydra web interface
Date: Sun, 13 May 2018 21:54:22 +0200
Message-ID: <20180513215422.48fb9ac6@scratchpost.org>
References: <CAMSS15C0nNEPqQKjRt9=-JKFvrGZsKBtMOxju65p_y88EzOZgg@mail.gmail.com>
	<87vac3twbe.fsf@gnu.org> <87o9hog2ye.fsf@elephly.net>
	<CAMSS15CQwypdFafPG1ii-CgMpxYxLtcbx8hHTvDvyBS+6xNSxA@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Return-path: <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
Received: from eggs.gnu.org ([2001:4830:134:3::10]:53891)
	by lists.gnu.org with esmtp (Exim 4.71)
	(envelope-from <dannym@scratchpost.org>) id 1fHzf7-0003jH-OR
	for guix-devel@gnu.org; Sun, 13 May 2018 18:40:27 -0400
Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71)
	(envelope-from <dannym@scratchpost.org>) id 1fHx4e-0002qS-KH
	for guix-devel@gnu.org; Sun, 13 May 2018 15:54:31 -0400
Received: from dd26836.kasserver.com ([85.13.145.193]:39808)
	by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_256_CBC_SHA1:32)
	(Exim 4.71) (envelope-from <dannym@scratchpost.org>)
	id 1fHx4e-0002q4-CF
	for guix-devel@gnu.org; Sun, 13 May 2018 15:54:28 -0400
In-Reply-To: <CAMSS15CQwypdFafPG1ii-CgMpxYxLtcbx8hHTvDvyBS+6xNSxA@mail.gmail.com>
List-Id: "Development of GNU Guix and the GNU System distribution."
	<guix-devel.gnu.org>
List-Unsubscribe: <https://lists.gnu.org/mailman/options/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/archive/html/guix-devel/>
List-Post: <mailto:guix-devel@gnu.org>
List-Help: <mailto:guix-devel-request@gnu.org?subject=help>
List-Subscribe: <https://lists.gnu.org/mailman/listinfo/guix-devel>,
	<mailto:guix-devel-request@gnu.org?subject=subscribe>
Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org
Sender: "Guix-devel" <guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org>
To: Tatiana Sholokhova <tanja201396@gmail.com>
Cc: guix-devel <guix-devel@gnu.org>

Hi Tatiana,

> I have taken a look at Danny's Cuirass frontend application. Now I try to
> run it locally. I have already figured out that I need to change URLPREFIX
> and name of the repository and the branch in the code. But I still can't
> get it working. According to the browser console, all the queries to
> localhost sent by js receive following error:
> 
> "No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin 'null' is therefore not allowed access."
> 
> But similar queries work well if I enter them manually via the browser or
> curl. Could you give me any hints on that?

You're trying to run it as a file from your local computer, right?

Then it's security settings in your web browser preventing cross-site scripting
attacks.

If you use icecat, please install this extension:

  https://addons.mozilla.org/de/firefox/addon/cors-everywhere/

There's an square icon at the top right of the icecat window then (it says "cors").

If you click on it it will toggle between green and red.

When it's green it means that it will let all requests pass.  WHEN IT'S GREEN, DON'T USE ONLINE BANKING or similar in the same session.

But the index.html frontend application will work just fine then :)

When it's red it means that cross-site scripting attack protection is online.  If in doubt, leave it red.  It should be red most of the time.

I myself develop like that:

For testing,

* Switch CorsE to green
* Refresh Cuirass frontend index.html page
* Try some stuff
* Close Cuirass frontend index.html page
* Switch CorsE to red