Alla diskussioner > Steam-forum > Suggestions / Ideas > Ämnesdetaljer
m4dEngi 30 okt, 2020 @ 8:54
Add steamcdn-a.akamaihd.net to CORS allowed domains.
Because steam store pages with missing resources are slightly annoying.
Detta ämnes författare har markerat ett inlägg som svar på frågan.
Tryck här för att hoppa till det inlägget.
Ursprungligen skrivet av aiusepsi:
Seems to me that the issue is that for some reason, the source for all the images and other content is the Cloudflare CDN, and that's what they've got their cross-origin set up for, but the floating candle images are set to come from the Akamai CDN, so they're busted.

Looks like they need to fix the URLs for the candles to point to Cloudflare.
< >
Visar 1-15 av 22 kommentarer
Brujeira 30 okt, 2020 @ 9:00 
Well that's something at your end because it's working fine for everyone else. How exactly are you viewing the store? Through a normal browser?
#1
m4dEngi 30 okt, 2020 @ 9:04 
Ursprungligen skrivet av Brujeira:
Well that's something at your end because it's working fine for everyone else. How exactly are you viewing the store? Through a normal browser?
https://imgur.com/FbMWoCn.png
Like this. Think i should disable CORS in Firefox settings?
#2
cSg|mc-Hotsauce 30 okt, 2020 @ 9:09 
I'd disable it.

:qr:
#3
m4dEngi 30 okt, 2020 @ 9:17 
Ursprungligen skrivet av cSg|mc-Hotsauce:
I'd disable it.

:qr:
While you're on your way to disable it, would you kindly share with us the cd-key of the first game you activated on steam (with a photo ofc)?
#4
cSg|mc-Hotsauce 30 okt, 2020 @ 9:21 
Ursprungligen skrivet av m4dEngi:
Ursprungligen skrivet av cSg|mc-Hotsauce:
I'd disable it.

:qr:
While you're on your way to disable it, would you kindly share with us the cd-key of the first game you activated on steam (with a photo ofc)?

Tell me why you need it enabled.

:qr:
#5
m4dEngi 30 okt, 2020 @ 9:35 
Ursprungligen skrivet av cSg|mc-Hotsauce:
Ursprungligen skrivet av m4dEngi:
While you're on your way to disable it, would you kindly share with us the cd-key of the first game you activated on steam (with a photo ofc)?

Tell me why you need it enabled.

:qr:
Dunno. For some reasons i prefer to leave security features (enabled by default in modern browsers) enabled.

And if it's not needed why VALVe enforces it on their end? ( maybe they're afraid of harmless XSS attacks? )

I know you're quite special kind of VALVe cultist, so here's a screenshot of response header from store remote server https://imgur.com/86O3Ffq.png
Senast ändrad av m4dEngi; 30 okt, 2020 @ 9:41
#6
Brujeira 30 okt, 2020 @ 9:40 
Ursprungligen skrivet av m4dEngi:
Ursprungligen skrivet av cSg|mc-Hotsauce:

Tell me why you need it enabled.

:qr:
Dunno. For some reasons i prefer to leave security features (enabled by default in modern browsers) enabled.

And if it's not needed why VALVe enforces it on their end? ( maybe they're afraid of harmless XSS attacks? )

Yeah, but you've not just left the default ones enabled, have you? I'm running the latest FireFox with NoScript and I'm not getting these errors. How many different security addons and script blockers have you installed?
#7
Spawn of Totoro 30 okt, 2020 @ 9:43 
Ursprungligen skrivet av Brujeira:
Yeah, but you've not just left the default ones enabled, have you? I'm running the latest FireFox with NoScript and I'm not getting these errors. How many different security addons and script blockers have you installed?

Same here. Ublock Origin and No-Script.

I have to enable two items in No-Script as it is set to block everything, but no error in FireFox and FireFox has all default settings enabled.
#8
m4dEngi 30 okt, 2020 @ 9:47 
Ursprungligen skrivet av Spawn of Totoro:
Ursprungligen skrivet av Brujeira:
Yeah, but you've not just left the default ones enabled, have you? I'm running the latest FireFox with NoScript and I'm not getting these errors. How many different security addons and script blockers have you installed?

Same here. Ublock Origin and No-Script.

I have to enable two items in No-Script as it is set to block everything, but no error in FireFox and FireFox has all default settings enabled.
https://store.steampowered.com/sale/halloween2020 so this one loads perfectly for you, right? No broken images, no errors, nothing, right?

Just tested in default Chromium with no plugins, same result as with FF.
#9
Brujeira 30 okt, 2020 @ 9:52 
Ursprungligen skrivet av m4dEngi:
Ursprungligen skrivet av Spawn of Totoro:

Same here. Ublock Origin and No-Script.

I have to enable two items in No-Script as it is set to block everything, but no error in FireFox and FireFox has all default settings enabled.
https://store.steampowered.com/sale/halloween2020 so this one loads perfectly for you, right? No broken images, no errors, nothing, right?

Just tested in default Chromium with no plugins, same result as with FF.

Loads perfectly fine. This is your home PC rather than a work PC, right?
#10
Spawn of Totoro 30 okt, 2020 @ 9:56 
Ursprungligen skrivet av m4dEngi:
Ursprungligen skrivet av Spawn of Totoro:

Same here. Ublock Origin and No-Script.

I have to enable two items in No-Script as it is set to block everything, but no error in FireFox and FireFox has all default settings enabled.
https://store.steampowered.com/sale/halloween2020 so this one loads perfectly for you, right? No broken images, no errors, nothing, right?

Just tested in default Chromium with no plugins, same result as with FF.

Loads fine for me.

Did you try clearing the cache?

If something is loading too fast, it may display errors a few times as it tries, then works fine. Even if get error, if the site works, then there is likely no real issue.

Looking up the error as well, it isn't a setting in FF, but a general Web error.

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin?utm_source=devtools&utm_medium=firefox-cors-errors&utm_campaign=default
Senast ändrad av Spawn of Totoro; 30 okt, 2020 @ 9:58
#11
m4dEngi 30 okt, 2020 @ 10:01 
Ursprungligen skrivet av Spawn of Totoro:
Ursprungligen skrivet av m4dEngi:
https://store.steampowered.com/sale/halloween2020 so this one loads perfectly for you, right? No broken images, no errors, nothing, right?

Just tested in default Chromium with no plugins, same result as with FF.

Loads fine for me.

Did you try clearing the cache?

If something is loading too fast, it may display errors a few times as it tries, then works fine. Even if get error, if the site works, then there is likely no real issue.

Looking up the error as well, it isn't a setting in FF, but a general Web error.

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin?utm_source=devtools&utm_medium=firefox-cors-errors&utm_campaign=default

Of course it's not a FF error, it's a server enforcing content security policy and a missing static resources domain in allowed origins list in server reply header.
#12
Brujeira 30 okt, 2020 @ 10:03 
Ursprungligen skrivet av m4dEngi:
Ursprungligen skrivet av Spawn of Totoro:

Loads fine for me.

Did you try clearing the cache?

If something is loading too fast, it may display errors a few times as it tries, then works fine. Even if get error, if the site works, then there is likely no real issue.

Looking up the error as well, it isn't a setting in FF, but a general Web error.

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin?utm_source=devtools&utm_medium=firefox-cors-errors&utm_campaign=default

Of course it's not a FF error, it's a server enforcing content security policy and a missing static resources domain in allowed origins list in server reply header.

Which is all supposed to be handled at your end by the browser...
#13
Spawn of Totoro 30 okt, 2020 @ 10:04 
Ursprungligen skrivet av m4dEngi:
Of course it's not a FF error, it's a server enforcing content security policy and a missing static resources domain in allowed origins list in server reply header.

And does not seem to effect the page, so a non-issue.
#14
m4dEngi 30 okt, 2020 @ 10:06 
Ursprungligen skrivet av Brujeira:
Ursprungligen skrivet av m4dEngi:

Of course it's not a FF error, it's a server enforcing content security policy and a missing static resources domain in allowed origins list in server reply header.

Which is all supposed to be handled at your end by the browser...
Exactly. It's correctly handled on my end resulting in missing images. Sure i can live without floating candles on store pages...

I love how you instantly try to shift the blame to users, never change, guys.
Senast ändrad av m4dEngi; 30 okt, 2020 @ 10:07
#15
< >
Visar 1-15 av 22 kommentarer
Per sida: 1530 50

Alla diskussioner > Steam-forum > Suggestions / Ideas > Ämnesdetaljer
Datum skrivet: 30 okt, 2020 @ 8:54
Inlägg: 22
Inled en ny diskussion

Diskussionsregler och -riktlinjer