Unable to run version warning with URL different than readthedocs

[aanm]

Failed to load https://readthedocs.org/api/v2/version/?project__slug=cilium&active=true: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://docs.cilium.io' is therefore not allowed access.

Open console in:
http://docs.cilium.io/en/v1.0/

This works URL works:
https://cilium.readthedocs.io/en/v1.0/

@humitos what do you think it should be the best option for this?

Should I create a copy of the JSON from https://readthedocs.org/api/v2/version/?project__slug=cilium&active=true in http://docs.cilium.io/version plus add versionwarning_api_url=docs.cilium.io?

[humitos]

Should I create a copy of the JSON from https://readthedocs.org/api/v2/version/?project__slug=cilium&active=true in http://docs.cilium.io/version plus add versionwarning_api_url=docs.cilium.io?

Nope, this won't work.

The problem is because of CORS. There is not too much we can do from this extension since that endpoint does not support jsonp. This is something that has to be fixed in Read the Docs. It may worth to open an issue there.

[humitos]

Mmmm... wait, this code should do the trick:

https://github.com/rtfd/readthedocs.org/blob/ce0948fcbc902c4d870d278399bb0a2c83bd917d/readthedocs/core/signals.py#L70-L75

Did you create the right Domain from your Admin's tab project?

[humitos]

Oh! That code is only executed if it's a valid_url which are only the ones under WHITELIST_URLS which are only those for the ads.

[humitos]

@aanm I opened a PR under Read the Docs to discuss this problem. Please, subscribe there. Thanks.

[humitos]

@aanm the upstream PR was merged today and it will be deployed soon. When that happens, this issue will be automatically fixed.

[aanm]

@humitos thank you very much!

[ericholscher]

I believe this should now be deployed. 👍

[humitos]

Thanks!

I just tested the links from the description and both works as expected.

Closing here.

[aanm]

@humitos was there a regression introduced in RTD? We seem to be seeing this exact issue again

[humitos]

Hi @aanm! I'm not sure to understand the problem you are reporting. Going to https://docs.cilium.io/en/v1.10/ I do see the warning version without problem. The console shows the debug information properly.

[aanm]

Hi @humitos thanks for the reply. It is working now for v1.9 and v1.10 because we have made some changes on our side, see cilium/cilium#19563, cilium/cilium#19610 and cilium/cilium#19611. We have backported those changes to those branches. However, if you look at https://docs.cilium.io/en/v1.8/ you can still see the CORS problem in the console.

Thanks!

[humitos]

@stsewd do you know what happened here and why the API is now having CORS issues? Is it possible to solve it somehow?

[stsewd]

Looks like this was the result from where we locked down our API from cross site requests GHSA-3v5m-qmm9-3c6c.

We could:

• Allow access to api/v2 on .org only (this could be confusing for .com users)
• Allow access only if the project is public and return public versions only (this needs some changes on our app to extract the project from the request and have it list public versions only on cross site requests)
• Implement our new footer API, so we can get this information from the same domain.