Hi Ploc,
the:

    X-Requested-With: XMLHttpRequest

indicates that the request is a JavaScript request. The server must
allow this header in the Access-Control-Allow-Headers header...
And the authorization header ... maybe there is a bug in the jQuery Ajax
request in the source code, there should be something like:

    if (inputResource.userAuth.userName != '' &&
        inputResource.userAuth.userPassword != '') {
        // ... send the header ...
    }

But first you must solve the X-Requested-With header problem ...
JM
On 19 Sep 2020, at 23:18, Ploc <pub2021@acampado.net> wrote:
Thanks Jan for your answer, I should have read carefully the comment
in the config file.
I checked the resource and the server and it appears that the headers
are ok to serve resources as CORS:
curl -I https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/20200907-153336/zones-a-b-c-2019-2020.ics
HTTP/1.1 200 OK
Server: nginx
Date: Sat, 19 Sep 2020 09:42:49 GMT
Content-Type: application/octet-stream
Content-Length: 9085
Last-Modified: Mon, 07 Sep 2020 13:33:36 GMT
ETag: "5f5636b0-237d"
Expires: Mon, 19 Oct 2020 09:42:49 GMT
Cache-Control: max-age=2592000
Content-Disposition: attachment
Pragma: public
Cache-Control: public
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range
Access-Control-Allow-Credentials: true
Accept-Ranges: bytes
As you can see, all origins are available:
Access-Control-Allow-Origin: *
My problem is that InfCloud is hosted on a server where CSP (Content
Security Policy) is enabled. I have another error where the remote ics
resource is not fetched because the preflight request fails:

    Blocage d’une requête multiorigines (Cross-Origin Request) : la
    politique « Same Origin » ne permet pas de consulter la ressource
    distante située sur
    https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/20….
    Raison : l’en-tête « x-requested-with » n’est pas autorisé d’après
    l’en-tête « Access-Control-Allow-Headers » de la réponse de
    pré-vérification des requêtes CORS.

In other words, there cannot be the x-requested-with header along with
the Access-Control-Allow-Headers header.
As far as I understand, this is due to the response of the OPTIONS
request and answer to static.data.gouv.fr which does not contain the
correct header:
request:
Access-Control-Request-Headers: authorization,x-requested-with
response:
Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range
I don't understand why there is this authorization header as I'm not
using any credential to retrieve this static public resource:
var globalSubscribedCalendars={
    hrefLabel: 'Subscribed',
    calendars: [
        {
            href: 'https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/20200907-153336/zones-a-b-c-2019-2020.ics',
            userAuth: {
                userName: '',
                userPassword: ''
            },
            typeList: ['vevent'],
            ignoreAlarm: true,
            displayName: 'vacances scolaires',
            color: '#ff0000'
        }
    ]
};
I can't find any way to fix this issue.
Do you have any idea about that?
Thanks,
Ploc
On 19/09/2020 at 11:25, Ján Máté wrote:
Hi Ploc,
yes of course, from the config.js:
// globalSubscribedCalendars
// This option specifies a list of remote URLs to ics files (e.g.: used
// for distributing holidays information). Subscribed calendars are
// ALWAYS read-only. *Remote servers where ics files are hosted MUST*
// *return proper CORS headers (see readme.txt) otherwise this functionality*
// *will not work!*
The main problem is related to CORS, because all JavaScript (XHR)
requests are subject to CORS limitations in modern browsers :-/
JM
> On 19 Sep 2020, at 00:37, Ploc <pub2021@acampado.net> wrote:
>
> Is there a way to add an additional external ics resource in
> infcloud config file?
>
> I'm thinking about a static ics read-only calendar, such as holidays
> calendar:
>
> https://www.data.gouv.fr/fr/datasets/le-calendrier-scolaire-format-ical/#re…
> (french school holidays calendar)
>
> Thanks for your answer.
>
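
The preflight header comparison discussed in this thread, as an added example that is not part of the original messages and is not InfCloud code. The function name is hypothetical and the model is simplified: every requested name is treated as needing approval, and CORS-safelisted headers are not modelled.

```javascript
// Added example: models the header part of the browser's CORS preflight check.
// Returns the requested header names that the server's
// Access-Control-Allow-Headers value does not approve.
function blockedPreflightHeaders(requestHeaders, allowHeadersValue, withCredentials) {
  const allowed = allowHeadersValue
    .split(',')
    .map((h) => h.trim().toLowerCase())
    .filter((h) => h !== '');
  // "*" acts as a wildcard only for requests made without credentials.
  const wildcard = !withCredentials && allowed.includes('*');
  return requestHeaders
    .split(',')
    .map((h) => h.trim().toLowerCase())
    .filter((h) => h !== '')
    .filter((name) => {
      if (allowed.includes(name)) return false; // listed by name (case-insensitive)
      // Authorization is never covered by the wildcard; it must be listed by name.
      if (name === 'authorization') return true;
      return !wildcard;
    });
}

// Header values copied from the thread.
const requested = 'authorization,x-requested-with';
const served = 'Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range';

// As served today: x-requested-with is the only header the preflight rejects.
console.log(blockedPreflightHeaders(requested, served, false));
// If the remote server also listed X-Requested-With, nothing would be rejected.
console.log(blockedPreflightHeaders(requested, served + ',X-Requested-With', false));
// A bare "*" would cover x-requested-with but still not Authorization.
console.log(blockedPreflightHeaders(requested, '*', false));
// With credentials, "*" is taken literally and covers nothing.
console.log(blockedPreflightHeaders(requested, '*', true));
```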