22 comments

[ 0.18 ms ] story [ 43.9 ms ] thread
Chrome debug console shows:

> Access to CSS stylesheet at 'https://assets-cdn.github.com/assets/frameworks-<hash>.css' from origin 'https://github.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'https://github.com' is therefore not allowed access. The response had HTTP status code 404.

This going to be a PITA if it gets cached.

CORS updates should always be triple-checked as they can lead to a massive outage. I'm not a big fan of CD anyway, but there are things like CORS that are obviously incompatible with the CD concept as you can't easily (well, quickly) roll back.
(comment deleted)
Looks like they tried to switch static assets to a new CDN without first checking their CORS policy.
Ironically, one of my caching extensions for chromium kept the site working just fine until I reloaded the extension...
(comment deleted)
Impressive how usable the site is without their static assets. A sign of a good designer to make functional HTML first, then style it after.
CORS issues. Happens to the best of us.
All fixed now. edit: Some inline fonts are still getting blocked
I am also seeing it fixed. If you ever need to quickly clear your cache (without going into Chrome settings) either:

1. Open the Developer Tools, go to "Network" and up top check off "disable cache". This will disable the cache for this one page whenever dev tools is open.

2. Open Developer Tools and "long press" (hold left mouse down) on the regular chrome reload button. You will see a few options, one of them being "empty cache and hard reload"

The problem looks more like the file (frameworks-9e1db7aa5e35573e7a01331c4afc4d3df80c21f118c6c727900d5e032e7dd7b4.css) doesn't actually exist on the CDN, and the browser is therefore getting back a 404 page.

The 404 page then happens to not have an Access-Control header, but that wouldn't really help anyway.

(comment deleted)
The CORS error is a red herring. Stylesheets are failing to load with 404, and those 404 also happen not to have the CORS headers (since they are simple HTML error pages).

    $ http https://assets-cdn.github.com/assets/frameworks-9e1db7aa5e35573e7a01331c4afc4d3df80c21f118c6c727900d5e032e7dd7b4.css
    HTTP/1.1 404 Not Found
    Accept-Ranges: bytes
    Age: 3
    Connection: keep-alive
    Content-Encoding: gzip
    Content-Length: 93319
    Content-Type: text/html
    Date: Tue, 05 Sep 2017 18:10:52 GMT
    Server: GitHub.com
    Vary: Accept-Encoding
    Via: 1.1 varnish
    X-Cache: HIT
    X-Cache-Hits: 1
    X-Fastly-Request-ID: 362b40a8dbaf695c1933af2ceba160fd011f904d
    X-GitHub-Request-Id: B246:7E91:7D676E:8B2E5A:59AEE8A7
    X-Served-By: cache-jfk8145-JFK
    X-Timer: S1504635052.455916,VS0,VE2
    timing-allow-origin: https://github.com
EDIT: CORS is not normally required for stylesheets, but GitHub uses the "crossorigin" <link> attribute, supposedly to prevent cookies from being sent with the request, and that has the side effect of requiring CORS headers:

    <link crossorigin="anonymous" href="https://assets-cdn.github.com/assets/frameworks-9e1db7aa5e35573e7a01331c4afc4d3df80c21f118c6c727900d5e032e7dd7b4.css" integrity="sha256-nh23ql41Vz56ATMcSvxNPfgMIfEYxscnkA1eAy5917Q=" media="all" rel="stylesheet" />
https://developer.mozilla.org/en-US/docs/Web/HTML/Element/li...
yep, I get a 404 on those assets, CORS is just a generic error the browser displays apparently. Has sent me down a few rabbit holes over the years - I which CORS isn't mentioned when its just a 404... arrg...
Yeah the real issue here is less about missing CORS headers and more that the stylesheet appears to be missing
Ok, we updated the title above in an attempt at accuracy.
it's fixed now