additional external ics resource in infcloud config file
Is there a way to add an additional external ics resource in infcloud config file? I'm thinking about a static ics read-only calendar, such as holidays calendar: https://www.data.gouv.fr/fr/datasets/le-calendrier-scolaire-format-ical/#res... (french school holidays calendar) Thanks for your answer.
Hi Ploc, yes of course, from the config.js: // globalSubscribedCalendars // This option specifies a list of remote URLs to ics files (e.g.: used // for distributing holidays information). Subscribed calendars are // ALWAYS read-only. Remote servers where ics files are hosted MUST // return proper CORS headers (see readme.txt) otherwise this functionality // will not work! The main problem is related to CORS, because all JavaScript (XHR) requests are subject of CORS limitations in modern browsers :-/ JM
On 19 Sep 2020, at 00:37, Ploc <pub2020@acampado.net> wrote:
Is there a way to add an additional external ics resource in infcloud config file?
I'm thinking about a static ics read-only calendar, such as holidays calendar:
https://www.data.gouv.fr/fr/datasets/le-calendrier-scolaire-format-ical/#res... (french school holidays calendar)
Thanks for your answer.
Thanks Jan for your answer, I should have read carefully the comment in the config file. I checked the resource and the server and it appears that the headers are ok to serve resources as CORS :
curl -I https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202... HTTP/1.1 200 OK Server: nginx Date: Sat, 19 Sep 2020 09:42:49 GMT Content-Type: application/octet-stream Content-Length: 9085 Last-Modified: Mon, 07 Sep 2020 13:33:36 GMT ETag: "5f5636b0-237d" Expires: Mon, 19 Oct 2020 09:42:49 GMT Cache-Control: max-age=2592000 Content-Disposition: attachment Pragma: public Cache-Control: public X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range Access-Control-Allow-Credentials: true Accept-Ranges: bytes
As you can see, all origins are available :
Access-Control-Allow-Origin: *
My problem is that InfCloud is hosted on a server where CSP (Content Security Policy) is enabled. I have another error where the remote ics resource is not fetched because the preflight request fails :
Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202.... Raison : l’en-tête « x-requested-with » n’est pas autorisé d’après l’en-tête « Access-Control-Allow-Headers » de la réponse de pré-vérification des requêtes CORS.
In other words, there cannot be the x-requested-with header along with the Access-Control-Allow-Headers header. As far as I understand, this is due to the response of the OPTION request and answer to static.data.gouv.fr which does not contain the correct header: request:
Access-Control-Request-Headers: authorization,x-requested-with
response:
Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range
I don't understand why is there this authorization header as I'm not using any credential to retrieve this static public resource: var globalSubscribedCalendars={ hrefLabel: 'Subscribed', calendars: [ { href: 'https://static.data.gouv.fr/resources/le-cal endrier-scolaire-format-ical/20200907-153336/zones-a-b-c-2019-2020.ics', userAuth: { userName: '', userPassword: '' }, typeList: ['vevent'], ignoreAlarm: true, displayName: 'vacances scolaires', color: '#ff0000' } ] }; I can't find any way to fix this issue. Do you have any idea about that? Thanks, Ploc Le 19/09/2020 à 11:25, Ján Máté a écrit :
Hi Ploc,
yes of course, from the config.js:
// globalSubscribedCalendars // This option specifies a list of remote URLs to ics files (e.g.: used // for distributing holidays information). Subscribed calendars are // ALWAYS read-only. *Remote servers where ics files are hosted MUST* // *return proper CORS headers (see readme.txt) otherwise this functionality* // *will not work!*
The main problem is related to CORS, because all JavaScript (XHR) requests are subject of CORS limitations in modern browsers :-/
JM
On 19 Sep 2020, at 00:37, Ploc <pub2020@acampado.net <mailto:pub2020@acampado.net>> wrote:
Is there a way to add an additional external ics resource in infcloud config file?
I'm thinking about a static ics read-only calendar, such as holidays calendar:
https://www.data.gouv.fr/fr/datasets/le-calendrier-scolaire-format-ical/#res... (french school holidays calendar)
Thanks for your answer.
Hi Ploc, the: X-Requested-With: XMLHttpRequest indicates that the request is a JavaScript request. The server must allow this header in the Access-Control-Allow-Headers header... And the authorization header ... maybe there is a bug in the jQuery Ajax request in the source code, there should be something like: if(inputResource.userAuth.userName!='' && inputResource.userAuth.userPassword!='') ... send the header ... But first you must solve the X-Requested-With header problem ... JM
On 19 Sep 2020, at 23:18, Ploc <pub2020@acampado.net> wrote:
Thanks Jan for your answer, I should have read carefully the comment in the config file.
I checked the resource and the server and it appears that the headers are ok to serve resources as CORS :
curl -I https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202... HTTP/1.1 200 OK Server: nginx Date: Sat, 19 Sep 2020 09:42:49 GMT Content-Type: application/octet-stream Content-Length: 9085 Last-Modified: Mon, 07 Sep 2020 13:33:36 GMT ETag: "5f5636b0-237d" Expires: Mon, 19 Oct 2020 09:42:49 GMT Cache-Control: max-age=2592000 Content-Disposition: attachment Pragma: public Cache-Control: public X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range Access-Control-Allow-Credentials: true Accept-Ranges: bytes
As you can see, all origins are available :
Access-Control-Allow-Origin: *
My problem is that InfCloud is hosted on a server where CSP (Content Security Policy) is enabled. I have another error where the remote ics resource is not fetched because the preflight request fails :
Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202.... Raison : l’en-tête « x-requested-with » n’est pas autorisé d’après l’en-tête « Access-Control-Allow-Headers » de la réponse de pré-vérification des requêtes CORS.
In other words, there cannot be the x-requested-with header along with the Access-Control-Allow-Headers header.
As far as I understand, this is due to the response of the OPTION request and answer to static.data.gouv.fr which does not contain the correct header:
request:
Access-Control-Request-Headers: authorization,x-requested-with
response:
Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range
I don't understand why is there this authorization header as I'm not using any credential to retrieve this static public resource:
var globalSubscribedCalendars={ hrefLabel: 'Subscribed', calendars: [ { href: 'https://static.data.gouv.fr/resources/le-cal endrier-scolaire-format-ical/20200907-153336/zones-a-b-c-2019-2020.ics', userAuth: { userName: '', userPassword: '' }, typeList: ['vevent'], ignoreAlarm: true, displayName: 'vacances scolaires', color: '#ff0000' } ] };
I can't find any way to fix this issue.
Do you have any idea about that?
Thanks,
Ploc
Le 19/09/2020 à 11:25, Ján Máté a écrit :
Hi Ploc, yes of course, from the config.js: // globalSubscribedCalendars // This option specifies a list of remote URLs to ics files (e.g.: used // for distributing holidays information). Subscribed calendars are // ALWAYS read-only. *Remote servers where ics files are hosted MUST* // *return proper CORS headers (see readme.txt) otherwise this functionality* // *will not work!* The main problem is related to CORS, because all JavaScript (XHR) requests are subject of CORS limitations in modern browsers :-/ JM
On 19 Sep 2020, at 00:37, Ploc <pub2020@acampado.net <mailto:pub2020@acampado.net>> wrote:
Is there a way to add an additional external ics resource in infcloud config file?
I'm thinking about a static ics read-only calendar, such as holidays calendar:
https://www.data.gouv.fr/fr/datasets/le-calendrier-scolaire-format-ical/#res... (french school holidays calendar)
Thanks for your answer.
Hi Jan, I'm trying to talk with the webmaster of the resource I'm trying to embed in my calendar. Here is what he is saying :
Our API and static files are designed to be cross-domain usable. We have many applications that use this mechanism without a problem.
The following codes (jQuery and window.fetch) allow to retrieve the ICS file as you wish, from any page, as you can check here :
Can you please tell what is the difference of the jsfiddle requests, and the one that are blocked in the infcloud configuration? Thanks, Ploc Le 19/09/2020 à 23:35, Ján Máté a écrit :
Hi Ploc,
the:
X-Requested-With: XMLHttpRequest
indicates that the request is a JavaScript request. The server must allow this header in the Access-Control-Allow-Headers header...
And the authorization header ... maybe there is a bug in the jQuery Ajax request in the source code, there should be something like:
if(inputResource.userAuth.userName!='' && inputResource.userAuth.userPassword!='') ... send the header ...
But first you must solve the X-Requested-With header problem ...
JM
On 19 Sep 2020, at 23:18, Ploc <pub2021@acampado.net <mailto:pub2021@acampado.net>> wrote:
Thanks Jan for your answer, I should have read carefully the comment in the config file.
I checked the resource and the server and it appears that the headers are ok to serve resources as CORS :
curl -I https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202... <https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/20200907-153336/zones-a-b-c-2019-2020.ics> HTTP/1.1 200 OK Server: nginx Date: Sat, 19 Sep 2020 09:42:49 GMT Content-Type: application/octet-stream Content-Length: 9085 Last-Modified: Mon, 07 Sep 2020 13:33:36 GMT ETag: "5f5636b0-237d" Expires: Mon, 19 Oct 2020 09:42:49 GMT Cache-Control: max-age=2592000 Content-Disposition: attachment Pragma: public Cache-Control: public X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range Access-Control-Allow-Credentials: true Accept-Ranges: bytes
As you can see, all origins are available :
Access-Control-Allow-Origin: *
My problem is that InfCloud is hosted on a server where CSP (Content Security Policy) is enabled. I have another error where the remote ics resource is not fetched because the preflight request fails :
Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202.... Raison : l’en-tête « x-requested-with » n’est pas autorisé d’après l’en-tête « Access-Control-Allow-Headers » de la réponse de pré-vérification des requêtes CORS.
In other words, there cannot be the x-requested-with header along with the Access-Control-Allow-Headers header.
As far as I understand, this is due to the response of the OPTION request and answer to static.data.gouv.fr which does not contain the correct header:
request:
Access-Control-Request-Headers: authorization,x-requested-with
response:
Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range
I don't understand why is there this authorization header as I'm not using any credential to retrieve this static public resource:
var globalSubscribedCalendars={ hrefLabel: 'Subscribed', calendars: [ { href: 'https://static.data.gouv.fr/resources/le-cal endrier-scolaire-format-ical/20200907-153336/zones-a-b-c-2019-2020.ics', userAuth: { userName: '', userPassword: '' }, typeList: ['vevent'], ignoreAlarm: true, displayName: 'vacances scolaires', color: '#ff0000' } ] };
I can't find any way to fix this issue.
Do you have any idea about that?
Thanks,
Ploc
Le 19/09/2020 à 11:25, Ján Máté a écrit :
Hi Ploc, yes of course, from the config.js: // globalSubscribedCalendars // This option specifies a list of remote URLs to ics files (e.g.: used // for distributing holidays information). Subscribed calendars are // ALWAYS read-only. *Remote servers where ics files are hosted MUST* // *return proper CORS headers (see readme.txt) otherwise this functionality* // *will not work!* The main problem is related to CORS, because all JavaScript (XHR) requests are subject of CORS limitations in modern browsers :-/ JM
On 19 Sep 2020, at 00:37, Ploc <pub2021@acampado.net <mailto:pub2021@acampado.net>> wrote:
Is there a way to add an additional external ics resource in infcloud config file?
I'm thinking about a static ics read-only calendar, such as holidays calendar:
https://www.data.gouv.fr/fr/datasets/le-calendrier-scolaire-format-ical/#res... (french school holidays calendar)
Thanks for your answer.
Hi Ploc, when I try to add your URL (more precisely the URL to which the original URL you send redirects: "https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202...") then you get the following error: and if you check the request headers then you will see the following: ... X-Requested-With: XMLHttpRequest ... and this header is NOT allowed in the "Access-Control-Allow-Headers". I don't understand why this request header is missing when you use the $.get (but present when you use $.ajax) - it is probably a bug in the jQuery $.get method - google for: jquery $.get missing X-Requested-With The X-Requested-With must be allowed for Ajax requests (Access-Control-Allow-Headers) even if your admin found one example (probably bug) where it works without it :-) JM
On 12 Feb 2021, at 1:06 AM, Ploc <pub2021@acampado.net> wrote:
Hi Jan,
I'm trying to talk with the webmaster of the resource I'm trying to embed in my calendar. Here is what he is saying :
Our API and static files are designed to be cross-domain usable. We have many applications that use this mechanism without a problem. The following codes (jQuery and window.fetch) allow to retrieve the ICS file as you wish, from any page, as you can check here :
Can you please tell what is the difference of the jsfiddle requests, and the one that are blocked in the infcloud configuration?
Thanks,
Ploc
Le 19/09/2020 à 23:35, Ján Máté a écrit :
Hi Ploc, the: X-Requested-With: XMLHttpRequest indicates that the request is a JavaScript request. The server must allow this header in the Access-Control-Allow-Headers header... And the authorization header ... maybe there is a bug in the jQuery Ajax request in the source code, there should be something like: if(inputResource.userAuth.userName!='' && inputResource.userAuth.userPassword!='') ... send the header ... But first you must solve the X-Requested-With header problem ... JM
On 19 Sep 2020, at 23:18, Ploc <pub2021@acampado.net <mailto:pub2021@acampado.net>> wrote:
Thanks Jan for your answer, I should have read carefully the comment in the config file.
I checked the resource and the server and it appears that the headers are ok to serve resources as CORS :
curl -I https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202... <https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/20200907-153336/zones-a-b-c-2019-2020.ics> HTTP/1.1 200 OK Server: nginx Date: Sat, 19 Sep 2020 09:42:49 GMT Content-Type: application/octet-stream Content-Length: 9085 Last-Modified: Mon, 07 Sep 2020 13:33:36 GMT ETag: "5f5636b0-237d" Expires: Mon, 19 Oct 2020 09:42:49 GMT Cache-Control: max-age=2592000 Content-Disposition: attachment Pragma: public Cache-Control: public X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN Access-Control-Allow-Origin: * Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range Access-Control-Allow-Credentials: true Accept-Ranges: bytes
As you can see, all origins are available :
Access-Control-Allow-Origin: *
My problem is that InfCloud is hosted on a server where CSP (Content Security Policy) is enabled. I have another error where the remote ics resource is not fetched because the preflight request fails :
Blocage d’une requête multiorigines (Cross-Origin Request) : la politique « Same Origin » ne permet pas de consulter la ressource distante située sur https://static.data.gouv.fr/resources/le-calendrier-scolaire-format-ical/202.... Raison : l’en-tête « x-requested-with » n’est pas autorisé d’après l’en-tête « Access-Control-Allow-Headers » de la réponse de pré-vérification des requêtes CORS.
In other words, there cannot be the x-requested-with header along with the Access-Control-Allow-Headers header.
As far as I understand, this is due to the response of the OPTION request and answer to static.data.gouv.fr which does not contain the correct header:
request:
Access-Control-Request-Headers: authorization,x-requested-with
response:
Access-Control-Allow-Headers: Origin,Authorization,Accept,DNT,User-Agent,If-Modified-Since,Cache-Control,Content-Type,Range
I don't understand why is there this authorization header as I'm not using any credential to retrieve this static public resource:
var globalSubscribedCalendars={ hrefLabel: 'Subscribed', calendars: [ { href: 'https://static.data.gouv.fr/resources/le-cal endrier-scolaire-format-ical/20200907-153336/zones-a-b-c-2019-2020.ics', userAuth: { userName: '', userPassword: '' }, typeList: ['vevent'], ignoreAlarm: true, displayName: 'vacances scolaires', color: '#ff0000' } ] };
I can't find any way to fix this issue.
Do you have any idea about that?
Thanks,
Ploc
Le 19/09/2020 à 11:25, Ján Máté a écrit :
Hi Ploc, yes of course, from the config.js: // globalSubscribedCalendars // This option specifies a list of remote URLs to ics files (e.g.: used // for distributing holidays information). Subscribed calendars are // ALWAYS read-only. *Remote servers where ics files are hosted MUST* // *return proper CORS headers (see readme.txt) otherwise this functionality* // *will not work!* The main problem is related to CORS, because all JavaScript (XHR) requests are subject of CORS limitations in modern browsers :-/ JM
On 19 Sep 2020, at 00:37, Ploc <pub2021@acampado.net <mailto:pub2021@acampado.net>> wrote:
Is there a way to add an additional external ics resource in infcloud config file?
I'm thinking about a static ics read-only calendar, such as holidays calendar:
https://www.data.gouv.fr/fr/datasets/le-calendrier-scolaire-format-ical/#res... (french school holidays calendar)
Thanks for your answer.
participants (3)
-
Ján Máté -
Ploc -
Ploc