Coala Online is broken due to CORS issue
Summary
https://coala.io/#/coalaonline does not work due to the SOP security restrictions in browsers. This is bad for Coala marketing and therefore adoption!
Steps to reproduce
- Visit https://coala.io/#/coalaonline in Chrome or in Firefox
- Open your console (optional but recommended)
- Then try to use any linter/bear to validate the code
What is the current bug behavior?
We see an error message in the console, and the spinner just keeps on spinning.
# Chrome console:
Failed to load https://api.gitmate.io/coala_online/: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://coala.io' is therefore not allowed access. The response had HTTP status code 504.
# Firefox console:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://api.gitmate.io/coala_online/. (Reason: CORS header 'Access-Control-Allow-Origin' missing).
What is the expected correct behavior?
No SOP/CORS error and a response from the linter.
Possible fixes
We can use CORS to get past these restrictions. (MDN, Wikipedia)
To do that, we must add some HTTP headers to the response provided from api.gitmate.io
that allows requests from origin coala.io
(or alternatively, allows requests from any origin *
).
Edited by Joey Twiddle