Do all the things like ++ or -- rants, post your own rants, comment on others' rants and build your customized dev avatarSign Up
Get a devDuck
Rubber duck debugging has never been so cute! Get your favorite coding language devDuckBuy Now
Search - "cors"
NO FIREFOX AND CHROMIUM, I ALREADY SET THE FUCKING CORS HEADERS CORRECTLY ACCORDING TO THE OFFICIAL FUCKING NGINX DOCUMENTATION. WHY THE FUCK ARE YOU STILL DISALLOWING CROSS-ORIGIN REQUESTS?!23
Yesterday, my girlfriend caught a virus. There were 5+ running programs, in program files, program files x86, system32, basically everywhere. The virus modified chrome, firefox, edge (and even installed a false uc browser assuming we had one), there are many entries at startup programs, also running daemons, once you kill one of them, the others detect it and replicate their killed fellows. Tried to run a linux live usb disk for a cleanup, but the computer hibernates instead of shutdown, making modifications on disk risky.
I spent hours trying to suppress the processes, do a manual cleanup and antivirus search. It looked all cleaned up, then I reinstalled chrome, and now it switches its homepage everytime I open it, it also injects batch arguments to desktop link forum chrome (deleting it manually does not help, it comes back). I'm a linux guy, and in a few hours, I hated windows more than ever.
If anybody knows the authors, I *really* want to meet them. I promise I'm not going to punch them, but kneel down, bow my head in respect, and say "teach me master."14
Insomnia: yeah, nice cors header
Postman: neat cors header mate
Fetch in browser: where the FUCK is the cors header you retard7
The most helpful error message of all time:
Unhandled exception in line 0: Script error.
Literally translates to: “Something went wrong but I’m not gonna tell you what.”
I fucking hate CORS. I mean yeah I get that it's for security and all but fucking COCKSUCKER is it ever fucking getting annoying dealing with this shit…5
*Creates a rest api that runs on localhost:8080*
*Creates React front end that runs on localhost:3000*
*Sends a GET request to api*
*Cross-Origin Request Blocked: The Same Origin Policy...*
Thats my fucking dev environment and its my local fucking host! Let me just send a fucking request to my own fucking machine you piece of shit! Why the fuck they didn't add an exclusion to fucking localhost?!?12
i rant that i live in a dictatorship with an idiot president who bans whatsapp and facebook to prevent protests (in reaction to having arrested opposition party members of parliament), and github (yes, github) to prevent the spread of a minister's leaked e-mails. now the government is seriously considering shutting down vpn services to prevent by-passing the bans.
on the other hand, it's a nice time and place to continue ms studies on ad-hoc networks - that is of course if i can avoid being arrested or killed before i even start my thesis.10
that feeling when your new toys from aliexpress get delivered earlier than expected... i feel so happy unpacking those sensors, capacitors, heat sinks, microchips, breadboards and all. i feel like i have a geeky shopping addiction, i probably won't have the time to play with them from all the work and other personal projects, but still i hoarded enough electronics to invade the world with a drone army in case i have a few weeks me-time.5
'yes' in linux shell has become my favourite command when i discovered it. it has a careless touch to it, like "yeah whatever just do the thing".
also, i like glutMainLoop. a saw doll inside my head says "let the game begin!" each time i type this function.1
maybe it's time feature is added for devrant simple community dev projects. there could be games, parody websites, you name it. projects could be hosted on github, and indexed at a "projects" tab here on devrant, so we can choose something and start rolling with our pals from devrant when we get bored at work :) @dfox (inspired by rant from @Notebookdeviant)3
I actually never felt the need to scream at a co-worker so let's talk about that time a co-worker screamed at me instead.
tl;dr : some asshole boss screamed and threatened me because someone else's project was shit and didn't work.
Context: I was in my third year of school internship (graded) and my experience is C, C++, C#, Python all in systems programming, no web.
I was working as an intern for a shit company that was selling a shit software to hospitals (though not medically critical, thank God) the only tech guy on site was the DBA (cool guy) the product was maintained by a single dev in VB from his house, the dude never showed up to work (you'll understand why) and an other intern who couldn't dev shit.
I was working with the DBA on an software making statistical analysis from DB exports, worked nice, no problems here if we forget the lack of specs or boundaries (except must work in ieShit).
The other intern was working on something else (don't ask me what it is) I just remember it was in GWT before the community revived it. His webapp was requesting the company http server for a file instead of having one of it's java servlet to fetch it (both apps ran on sane server) which caused a lot of shit especially CORS error. That guy left (end of contract) and leaves his shit as is, boss asked me to deploy the app, I fiddle with it to see if it works and when I find out it doesn't then that asshole starts screaming at me in front of every other employee present, starts threatening to burn me in the tech world and have me thrown out of my school for no goddamn reason than the other dude's project doesn't work.
After the screaming I leave and warn my school immediately.
I guess that's why the other dev never came to work.
I had three weeks of internship left, that I did from home and worked probably less than 2 hours a day so suck it asshole.
Still had a good grade because I was reviewed by the DBA and he was happy with the work I did.
It was only later that I realized that what he did was categorizing as harassment (at least in France) and decided that never again this would happen without a response from my lawyer.1
didn't anyone go for the "#define true false" joke? i didn't actually see it in action, but it would be a pretty harsh one.1
Dev nightmares :
- Not finding bug fix on stackoverflow/GitHub .
- Losing code that hasn't been pushed to GitHub.
- Dealing with an unclean and inconsistent database.
- Installing Node Dependencies.
- Resolving CORS and 500s.
- Training a Linear Regression Model with 700 epochs on an entry-level Laptop.
Keep appending to this list.
I don't know what you did yesterday, but i did make my company throw away 2 months of progress.
It all started in the beginning, since that i've made numerous complaints about the workflow or code and how to improve it. I've been told off every time, and every time i either told the boss who agreed in the end or wrote code to prove myself. Everything was a hassle and my tasks weren't better.
Team lead: you'll do X now, please do that by making Y.
Me: but Y is insecure, we should do Z.
Team lead: please do Y
Later it turns out Y is impossible and we do Z in the end...
Team lead: please do W now
Me, a few days later: i've tried and their server doesn't give http cors headers, doing W in the browser is impossible
Team lead, a few days later: have you made progress on W?
Me: * tells again it's impossible and uploads code to prove it *
Team lead: * no response *
After that i had enough. Technically i still was assigned to do W, but i used my time to look over the application and list all the things wrong with it. We had everything, giant commits, commented out code, unnecessary packages, a new commit introduced packages that crashed npm install on non-macs, angularjs-packages even though we use angular, weird logic, a security bug, all css in one file even though you can use component-specific css files...
I sent that to my boss, telling him to let the backend-guys have a look at it too and we had a meeting about this. I couldn't attend but they agreed with me completely. They decided to throw away what we have already and to let one of the backend-guys supervise our team. I guess there will be another talk with the team lead, but time will tell.
It feels so good having hope to finally escape this hellish development cycle of badly defined task, bad communication and headache-inducing merges.
Backend API developer that doesn't admit his mistakes. Damn, he's annoying the whole team.
Basically crashed the whole app by messing up the settings for the CORS policy, and still doesn't admit it. When he fixed it, the only reply we get was "I erased the thing and put it back and it works".
Now I can easily scrap motivational quotes, Hell Yeah.
* btw I am building random quotes generator but want to generate quotes with web-scraping *9
If I had a penny every time I explained CORS of browsers to tenured J2EE, who just knows ie as a browser, I would be millionaire by now.5
Today I made this:
a crypto price alert page that plays. you suffer - napalm death
like the gilfoyle one.
with the intention to add PPC (PiedPiperCoin) to the list of currencies.
but CORS & the missing https for piedpiper.com stopped me. :-(
"Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://19-" SHUUUUUUUT UUUUUUUUUUUUP FOR FUCKS SAKE
I fucking have app.UseCors(x => x).AllowAnyOrigin().AllowAnyMethod().AllowAnyHeader()); in my startup. It's not supposed to tell me the CORS request did not succeed becuase THERE'S NOT SUPPOSED TO BE CORS WHEN I DO THAT.15
Three hours into trying to make it fucking work... YES BROWSER I ALLOWED ALL ORIGINS WHY DONT YOU WORK 😭😭5
I spent hours trying to enable CORS on AWS Lambda through API gateway (it was supposed to be simple and Amazon had a nice tutorial) but it turns out that there's a known bug that makes Lambda Proxy Integrations not adhere to any setting in the API Gateway, you have to respond with the headers through the Lambda yourself.
Amazon now mentions this in the tutorial, but if you click "Enable CORS" in API Gateway, it'll show you green check marks and tell you that everything went fine, but you'll find that the Lambda does not respond with the CORS headers. They shouldn't even have "Enable CORS" as an option when you use their Lambda Proxy Integration.1
Having a problem with cors not working on firefox:
- fuck this piece of shit full of bugs
- firefox is awesome
This is an anti-rant...
I had a problematic arch-dwm setup which i've been struggling with for a looong time, and when i thought i still needed quite some time to solve all issues, yesterday i somehow managed to hit the right solutions for each problem in a single evening. My setup is now in its most stable and usable state ever, and rsynced to a flash drive. I am no longer forced to use windows for my daily needs.
Praise be to holy gnu and holy tux! Do you think maybe i should sacrifice some electronics for the souls of st. ritchie, st. thompson, st. stallman and st. torvalds?2
i found this beauty on diaspora (in tribute to the comic artist frank franzetta)
p.s.: i asked the artist if i can use it here, but got no replies. i hope it won't be a problem for him/her.1
Just found out the reason for these extremely useless "Script error." errors we're getting being so useless is, once again, CORS. 😡
"Hey, something went wrong in an iframe. I'm not allowed to tell you what went wrong, or where, but trust me some shit is broken *somewhere*. But you have to figure it out yourself."
If cross-origin blocking were a person I'd kick him in the nuts just for being such a fucking dick all the time.2
Develop all my lambda function, create endpoint for what i need, set up CORS to * time of development... And chrome fuck me with CORS preflight ERROR. What the actual fuck with this shit security easily bypassable...
Me: its enough for today. Change project folder 😐
I never understood why there are screenshots of commits being like test, test2, does it work now? or WORK YOU SHIT..
..until i tried to gitignore stuff a bit more specific while gitkeeping folders and deploying shit relying on CORS.😂2
Found an issue on Medium.com as I was not able to comment on some stories.. after some followups I found that it is because of CORS... they stopped responding after I responded with the reason. :(
today I thought writing a quick project, a youtube proxy server, as in, you browse localhost:<PORT> and youtube comes in the response.
this is not rocket science as proxy servers have around for a long time.
I thought it'd be interesting to code it in userland, as opposed to "systemland".
And 50 lines of code and some minor hurdles later I see youtube "running" in localhost.
Although youtube didn't just work as usual since the videos don't actually come from youtube.com, but from googlevideo.com instead. And my browser, expectably, enforces CORS and forbids any requests to it.
At that point I started to think of ways to somehow proxy googlevideo.com too. But the solutions are not at all trivial.
Then I thought what was the payoff of all this. I tried to proxy serve youtube out of curiosity, and sure thing, you can do it.
But what problem would proxying youtube solve? Maybe I should think in a fuller way what are the problems I have with youtube.
One issue I have is the exposure, discoverability. To explain it, let's say I have been watching a very, very big amount of videos as of today.
Personally I would expect youtube to understand very well by now what my tastes are, what do I want to watch and what I do NOT want to watch.
Notice that I am very black and white, and I do not have much interest in watching certain types of videos.
It could be true that if my expectations of how youtube should work became reality then youtube recommendations would become polarizing or echo chambering.
But that is my decision though, and the problem with youtube is that it's seemingly forcing a single recommendations algorithm onto everyone.
Some people are more open minded and want to watch EVERYTHING, and a lot of people don't.
But users aren't deciding what they should get recommended. Youtube is making that decision for them. And it sure feels like it's trying to maximize ad revenue.
I for one don't give two flying fucks about pranks or diva youtubers. Yet youtube is adamant in presenting some of these to me.
Now, trying to come up with a solution for this is really non trivial. It would definitely require some youtube mining, or some kind of network so as to not get rate limited when mining, and even then you still have to think of how a good recommendation system would work.
I think the implementation of all that would be too much for me (time and skill wise). But I think it's fun to at least try to outline how recommendations could work.
I would very much prefer that when youtube recommended something, at least it has some number of confidence meaning how much would I like that video, so at least I know what to expect.
It should also have some indicators like what is the mood of the video. As in, sometimes I watch youtube in the mood of learning, like programming videos, but most of the time I watch to get entertained.
These ideas are just brainstorms and could be terrible on reproduction, but I'd like to hear what ideas can some of the people here can come up with.3
"rose" of alphonse mucha is my favourite desktop item for the time. she watches over me as i code at home.
Is anyone else having troubles loading github ?
I opened the console and saw their css was being blocked by CORS :D3
Couldn't figure out for the life of me why axios wouldn't ping to the server. Turns out the CORS policy didn't like this. Two fucking hours, man.
Spent debugging for weeks, then found that error was I didn't add my header name in Access-Control-Request-Header option........COOOOOOOOOOOORS!!!!!6
in the workplace, i have no access to internet, am not admin to my own computer and am not allowed to install anything (due to security reasons). i also happen to have quite some spare time so i'm writing nokia's good old snake game in visual studio and opengl so i can amuse myself both coding and playing. in a way, company pushes creativity and productivity even for slacking.7
Created a docker stack that can run on a swarm, tried out an actor system framework with a really nice message passing interface, used a web server framework built on that actor framework, used a really cool ORM that relies heavily on code generation, did some experimenting with Alpine Linux, and re-learned for the 100th time how to deal with CORS
After waiting a while for another programmer on another team to provide a web service that I needed to call from a client side web form, I received word that it was ready. I could not get it to work because CORS headings were not being set correctly. After contacting them and letting them know, I got an email update to the team letting everyone know that they were waiting on me. After explaining that CORS headings were not there, I just built a PHP page to proxy the request, results and set the headers correctly so I can move on. I will remove it when they get their side fixed... if they ever do.
Spent about 40 minutes trying to figure out why my stupid events were not tracked, something about CORS
so digged into the htaccess file and added the correct headers but the header value was being appended although i was setting it.
So I figured the "tool" i am using is setting it too but only when I set it, that was weird.
So on to to its github I went, someone mentioned there is a CORS setting in the UI, so I added the domain i wanted to allow and done, it fucking works.
Read the documentation kids, sometimes it is useful.
yahoo is now alleged to give away bulk mail content to intel agencies. such a dead investment, who uses yahoo for sensitive communications anyway?
I have implemented RESTful API using expressJS, and another React app which will use the API's to fetch data.
I'm getting a problem of Allow-Origin Header.
what's the proper way of calling a API ?
do I use a CORS middleware and allow all origin ('*') and use Api-key as way of check authorization to prevent mis-use. ?
any other tricks ?2
IIS curse you and your nuances!
I launch my local web application (which was working fine) and now get CORS errors and 404 not found. Wtf. I clean the solution rebuild, same thing. Then I restart my PC and try again. Same thing.
Then I use Firefox instead if chrome and it magically works. Wtf!
It's hard to fix broken things when they fix themeselves afyer trial and error2
Fetch API gives CORS error..
Then I use JQuery AJAX request and it works fine...? 😑
Can you even handle CORS requests with Fetch?
I seriously don't understand CORS .. fml I tried to access the web API I found online. but angular keeps giving me CORS error.. I don't know how to solve it anymore...15
* le me develops endpoint using serverless on AWS Lambda, forgets to enable cors *
Le front end dev: Your endpoint doesn't work. Gives me cors error.
Me: but that works on POSTMAN
le front end dev: We are not shipping it with postman.
my 4th gen. amazon kindle has been one of my favorite work buddies so far. i spend most of my midday breaks with it, kept me pretty good company so far.1
this is a repost organization post. each time you are going to post a classical joke, please find it from items below, and write as comment, the number of the repost. and people will give you ++'s to your comments as if you actually reposted the post. also, feel free to make additions to the list. syntax is:
"(n): [repost context]" for a new item (please do not mess with the order)
"-- [n]: [personal comment]" for simulating the repost.
here we go:
(0): the comic strip about rescuing princesses in different languages.
(1): in case of fire git commit, git push, leave the building.
(2): wanna hear a udp joke? i don't care if you get it.
(3): that joke about java devs wearing glasses because they can't c#.
An example repost:
-- 0: omg princess lol :)))2
Just spent a week creating a distributed api architecture which I found out won't work due to a singular issue which can't be solved - not unless I hack stuff to a degree where I might as well write my own frameworks.
I've been aiming the user application's requests towards my wsgi, which based on a custom header will proxy it towards the correct api. Each customer base has their own api and dataset, but they all visit the same address.
I've handled CORS manually, just picking up when there's an options request, asserting the origin, then returning the correct headers. Cool everyone's happy. Turns out, socket.io includes session id and handshake info as part of their options preflight, which I can't pair with my api header (or cookie, for that matter) which means my wsgi doesn't know where to send it. You get a 400! You get a 400! You get a 401! </oprah>
So my option is to either roll my own sockets engine or just assign each api to a subdomain or give it some url prefix or something. Subdomains are probably pretty clean and tidy, but that doesn't change having to rewrite a bunch of stuff and the hours I spent staring at empty headers in options preflights.
At least this discussion saved me some time in trying to make it work. One of my bad habits is getting in those grooves of "but surely... what the hell, surely there's a way. There has to be"
If you want the ridiculous behavior “required” by POSIX, you must set the environment variable ‘POSIXLY_CORRECT’ (which was originally going to be named ‘POSIX_ME_HARDER’).
You just read a line from GNU's official coding standard document :D
Spent the bulk of the day installing two SAP HANA servers, enabling SSL on the internal web dispatchers, and getting CORS to work for external apps. Sigh.3
Today I had a CORS error in production, noticed 1 hour in that I accidentally wrote "localhost:5000//API/*"
1 hour, for a extra slash.1
i want to find the person who proposed to force mtp in android for file transfers, and bash them in the head with a plush android toy till they're knocked unconscious.
all i want is to make a file transfer between my phone and my computer, and rather than plugging my phone's usb, i find it easier to set up an ftp server over local network. and when that doesn't work, i might as well hexdump the file, and copy it char-by-char manually, than use mtp.6
Hello, I’m considering building a web framework.
My ideal features would be:
Customizable authentication system(considering using a jwt lib)
Embedded DB(bolt db)
ORM( writing my own)
REST api to DB (via code generator)
Code generator(generation of models and views via cli)
GUI to db(some admin dashboard)
CORS(web service right?)
Ease of development
Fast prototyping of small-medium web services.
My question is, do i have to many things on my platter? Should i narrow it down into less featured framework? What feature should I focus on? How should i benchmark it? Should i write tests for absolutely everything or just for exported methods? What should i take into consideration when developing ORM API, Auth API...
The language is Go
Thank you for your input11
Motherfucking peace of shit....
Dont know to whom I should direct this to .
Was creating a new login page for web app using Quasar(vue.js). Since my application have 2 different types of user, which also have different UI, and functionality.
One is written in vanilla ( and is quiet heavy) and the other one in vuejs ( though earlier it was written in vanilla too ). Login page too was written in vanilla which was working fine.
Now just yesterday I finished a prototype for the third type of user, which is also written in vuejs. Now I decided to re create login page using vuejs. Quiet small and easy to do. Finished it yesterday itself. Now since today's morning I am trying to configure it so that it this piece of shit just let me log in. It was authentication and verifying but not letting me log in.
( On server after authentication, I set cookies/token on clients browser and auto reload the page, so during next request to server/ or during reload, server will read the cookie/token and send the specific admin panel to user)
It was setting cookie, but not at the '/' path. Mother fucker.
It was setting cookie to the path I was sending login credentials ( which was different from '/', I.e.- /login/verify=password )
So it was setting cookie/token at '/login/verify=password'.
Even tried setting path for cookie at server. Read everything on internet. MF nothing worked. All I came across was, 'this is CORS' .... 'this is CORS'. Assholes, if it were CORS', how then I am able to make request to server and getting response without error
Only a hour ago, when I made get request to '/login/verify=password' I figured out, cookie is being sent to server for this path only. Then did some changes at server, so to send login credentials to '/'. Now that shit is working
Fucking waste of time. Wasted more than 6 hours. Asshole.
Btw, if you can suggest a better way to login, then please.
on a 5 day rock festival vacation... a band with songs i barely know is on and i'm a bit high... there's a cool set of animations playing at the stage background and i spent the whole concert trying to figure how i could write each animation in opengl. i'll give them a shot back home, if i don't forget.3
does anybody here use diaspora*? for those who don't, it's a free (as in freedom) social network and protocol thereof, and it employs a decentralized, distributed approach. you can choose a "pod" to store your data, and search for people and content inter-podly. as a decentralization/distribution/foss enthusiast, i love the project and check regularly, but sometimes i get the feeling that i'm all by myself there, as i have no friends yet and all the content i see is just my followed keywords. (so befriend me, maybe? :D)5
unigine sim engine has the worst documentation i've ever seen. it was written in bad english, occasionally did not follow a word convention (i.e. functions doing analogous work used different keywords), most items were just reiterations of function names (made up example for clarification: getAngularVelocity(): gets angular velocity...). i had to use it for my first ever job, and had to learn in from scratch, mostly by trial and error. it's been months since i switched jobs, and they were rolling a version 2 when i left, i hope they improved on their docs.
We need to create simple form for colection few particular people data for some bounty programme.
Anyway, they come to me, and say that creating this google doc will take them few minutes and it seems that editing few divs in the site and creating second one with another subdomain will do the trick.
I tell them that it will take a lot of time to reverse engeneer that compiled react.js website to change few divs. But they insist.
So we start out, I pop up the terminal, copy over site, add nginx config for it, apply SSL to it, we are already good 5-10 minutes in, first roadblock - CORS. At this point I tell them that with google form they would be already done.
What I hear?
Oh... it makes it easy now.
My internal voice:
next time try to use brain....
Damn CORS! Spent 4hrs googling! Alas! I can move forward. Because of that I can say I understand what cors for.
i got a dev!rant nostress ball, because i didn't have any serious rants and used the app for fun purposes.
edit: do you think maybe it can also help in debugging, although it's nothing close to being a duck.
rust anyone? i am a c++ person, and it caught my attention as having an oopish-but-actually-functional new programming paradigm whatever... also (don't know if it's just mozilla's successful marketing) i had the impression that people see it as the new whiz kid in town. do you recommend indulging in it for the sake of trying something new?2
Every couple of hours a certain request from our web app gets a CORS error from our server. Refresh the page and everything works perfectly. WTF...1
trying to make a live usb disk. i took shots at random combinations from 2 usb sticks, 2 oses, different tools or technics on each os... each failed with a different outcome. then i realized i should have kept a failure matrix so that i don't try the same combinations, or can trace the roots of the problem.
each time i need to build a live disk, a part of me dies inside.6
i just learnt how much clearcase sucks the hard way. i always used git for personal projects and am used to finding a simple solution to any problem at most one stackoverflow away, i just messed up my local repo, and experienced people could not manage to undo it. i mean come on, this is a f**king versioning software, how hard can it be to delete everything local and re-pull from remote without messing up configuration files? either clearcase has some serious design shortcomings for my understanding of a versioning software, or it is so overly complicated that nobody actually knows how to revert this mistake.2
In whatever framework I'm using I get frustrated with the default css so I just !important everything
This CORS is a huge bummer. It took me nearly 4 hours of pounding my head on keyboard trying to figure out why my "$http.post" doesn't work.1
I wrote a NoCors Heroku App to pull out all the CORS hearders from a 3rd Party API to use in the one of the production site. Still no one knows about it.
For work i'll have to use an API whose server doesn't support OPTIONS-requests. All would be ok if the request wouldn't be made FROM A FUCKING BROWSER.
How old is CORS? Have you been living under a rock since then? (Well, maybe. Because they're using IIS7)
i've been using debian with xfce for 2 years, and i'm now planning to migrate to arch with xmonad for some freshness. i'm reluctantly peeking out of my comfort zone and sniffing like a cat, any tips appreciated.
anybody else has a "polish notation fetish"? i never actually learned lisp, but since i first saw its style, i find writing functions like "+ 1 2" instead of "1 + 2" both aesthetically and functionally more appealing. i think the infix notation is just being kept because of well-established habits.
I have just allowed '*' on the rack-cors host configuration. Yiiiiihhhhaaaaa.. no cors problems on Rails again.
But hackers will go fuck my api.