Skuid Error Accessing Resources due to CORS

Receiving the following Error now when loading pages. This is causing CSS issues on themes. :

Access to Font at ‘https://skuid.cs12.visual.force.com/resource/skuid__Fonts/opensans/Italic/OpenSans-Italic.woff2?v=1…’ from origin ‘https://c.cs12.visual.force.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://c.cs12.visual.force.com’ is therefore not allowed access.

Has anyone else seen this in the past few days? 

Hi Ray, we are looking into this, and will reach out when we have more information. 

It sounds like this may be something internal in Salesforce, but it would take more investigation to pin down what had changed. It’s also possible that this is related to a known issue with Themes, in which some of the theme files aren’t being found, or URLs are being misconstructed. References to external fonts like Google’s ever-popular OpenSans may end up with an incorrect URL. Our developers are investigating this potential issue. 

Seeing the same thing.  It has been a couple months since your last response Mark.  What did your developers discover?

ditto

Hello Gregg and Arne,

Which versions of Skuid are you each working with? I believe Ray’s issue had to do with the Skuid namespace being present in one URL and missing in the other, thus making it look like there was a Cross-Origin issue. This should have been resolved as of the Q2 point release, but if you’re running into the same error, it may not necessarily be caused by the same underlying issue. 

Thanks Mark. I am on the latest release. My issue was not for font. It was for an APEX Rest Resource. I will check namespace.

I am also running into same issue.

I am seeing below messages in console, i am seeing this messages after i upgraded my version to 11.0.1 to 11.0.3 version.

Access to Font at ‘https://cbg–devr1.cs52.my.salesforce.com/visualforce/session?url=https%3A%2F%2Fcbg–devr1–c.cs52.v…’ from origin ‘null’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘null’ is therefore not allowed access.
UI?page=NG_TransActLandingPage:1 Access to Font at ‘https://cbg–devr1–c.cs52.visual.force.com/resource/Roboto_V2/Fonts/Roboto-Medium.ttf’ from origin ‘https://cbg–devr1–skuid.cs52.visual.force.com’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘https://cbg–devr1–skuid.cs52.visual.force.com’ is therefore not allowed access.

Hello Praveen, have you made sure to update your out of date themes since updating?

I did update the themes and still seeing same issue.

@Mark, do you have any other suggestions on this, this is very critical for us because all our pages are loading with default font.

I true appreciate the help from SKUID. Skuid suggested to use google fonts instead of loading the fonts from static resource and it fixed the issue.

But being not able to load the fonts from css static resource could be an issue, hope skuid will fix it.

Hello Skuid Community ~

Thank you for your thoughtful suggestion! Skuid listened to your concern and has implemented your idea in the new Skuid Version Millau (11.0.5) release which is now available on the Skuid Releases page.

As a reminder, Salesforce does NOT allow reverting back to prior versions of managed packages. Skuid always recommends installing new versions in a non-business critical sandbox environment to test all mission critical functionality before installing into a production environment. We also recommend that you update out of date themes when you upgrade.

I’m getting this error in 11.1.13 on Salesforce Spring’18

Access to Font at ‘https://cs66.salesforce.com/visualforce/session?url=https%3A%2F%2Fskuid.cs66.visual.force.com%2Freso…’ from origin ‘null’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘null’ is therefore not allowed access.

Per a suggestion above, I added a link to my google web font as an external CSS resource but the error is still there. 

This is happening because of the CORS 3 (Cross Origin Resource Sharing) . For every HTTP request to a domain, the browser attaches any HTTP cookies associated with that domain. This is especially useful for authentication, and setting sessions. You are doing an XMLHttpRequest to a different domain than your page is on. So the browser is blocking it as it usually allows a request in the same origin for security reasons. You need to do something different when you want to do a cross-domain request.

JSONP ( JSON with Padding ) is a method commonly used to bypass the cross-domain policies in web browsers. You’re on domain example.com, and you want to make a request to domain example.nett . To do so, you need to cross domain boundaries. JSONP is really a simple trick to overcome the XMLHttpRequest same domain policy. So, instead of using XMLHttpRequest we have to use < script > HTML tags, the ones you usually use to load JavaScript files , in order for JavaScript to get data from another domain.

Localhost

If you need to enable CORS on the server in case of localhost, you need to have the following on request header.

Access-Control-Allow-Origin: http://localhost:9999

Also, this kind of trouble is now partially solved simply by using the following jQuery instruction:

<script> 
    $.support.cors = true;
</script>