
GitHub 404'd a CSS file for a while - koolba
https://github.com/?cors-bug
======
FiloSottile
The CORS error is a red herring. Stylesheets are failing to load with 404, and
those 404 also happen not to have the CORS headers (since they are simple HTML
error pages).

    
    
        $ http https://assets-cdn.github.com/assets/frameworks-9e1db7aa5e35573e7a01331c4afc4d3df80c21f118c6c727900d5e032e7dd7b4.css
        HTTP/1.1 404 Not Found
        Accept-Ranges: bytes
        Age: 3
        Connection: keep-alive
        Content-Encoding: gzip
        Content-Length: 93319
        Content-Type: text/html
        Date: Tue, 05 Sep 2017 18:10:52 GMT
        Server: GitHub.com
        Vary: Accept-Encoding
        Via: 1.1 varnish
        X-Cache: HIT
        X-Cache-Hits: 1
        X-Fastly-Request-ID: 362b40a8dbaf695c1933af2ceba160fd011f904d
        X-GitHub-Request-Id: B246:7E91:7D676E:8B2E5A:59AEE8A7
        X-Served-By: cache-jfk8145-JFK
        X-Timer: S1504635052.455916,VS0,VE2
        timing-allow-origin: https://github.com
    

EDIT: CORS is not normally required for stylesheets, but GitHub uses the
"crossorigin" <link> attribute, supposedly to prevent cookies from being sent
with the request, and that has the side effect of requiring CORS headers:

    
    
        <link crossorigin="anonymous" href="https://assets-cdn.github.com/assets/frameworks-9e1db7aa5e35573e7a01331c4afc4d3df80c21f118c6c727900d5e032e7dd7b4.css" integrity="sha256-nh23ql41Vz56ATMcSvxNPfgMIfEYxscnkA1eAy5917Q=" media="all" rel="stylesheet" />
    

[https://developer.mozilla.org/en-
US/docs/Web/HTML/Element/li...](https://developer.mozilla.org/en-
US/docs/Web/HTML/Element/link)

~~~
dang
Ok, we updated the title above in an attempt at accuracy.

------
koolba
Chrome debug console shows:

> Access to CSS stylesheet at '[https://assets-
> cdn.github.com/assets/frameworks-<hash>.css'](https://assets-
> cdn.github.com/assets/frameworks-<hash>.css') from origin
> '[https://github.com'](https://github.com') has been blocked by CORS policy:
> No 'Access-Control-Allow-Origin' header is present on the requested
> resource. Origin '[https://github.com'](https://github.com') is therefore
> not allowed access. The response had HTTP status code 404.

This going to be a PITA if it gets cached.

~~~
nikolay
CORS updates should always be triple-checked as they can lead to a massive
outage. I'm not a big fan of CD anyway, but there are things like CORS that
are obviously incompatible with the CD concept as you can't easily (well,
quickly) roll back.

------
ben174
Impressive how usable the site is without their static assets. A sign of a
good designer to make functional HTML first, then style it after.

~~~
adventist
Yeah I was impressed.

------
captn3m0
All fixed now. edit: Some inline fonts are still getting blocked

~~~
mcescalante
I am also seeing it fixed. If you ever need to quickly clear your cache
(without going into Chrome settings) either:

1\. Open the Developer Tools, go to "Network" and up top check off "disable
cache". This will disable the cache for this one page whenever dev tools is
open.

2\. Open Developer Tools and "long press" (hold left mouse down) on the
regular chrome reload button. You will see a few options, one of them being
"empty cache and hard reload"

~~~
micael_dias
Or CMD+Shift+R on Mac

------
V99
The problem looks more like the file
(frameworks-9e1db7aa5e35573e7a01331c4afc4d3df80c21f118c6c727900d5e032e7dd7b4.css)
doesn't actually exist on the CDN, and the browser is therefore getting back a
404 page.

The 404 page then happens to not have an Access-Control header, but that
wouldn't really help anyway.

------
vilius
CORS issues. Happens to the best of us.

------
AngelloPozo
Thought i was going mad a minute ago.

------
joshumax
Ironically, one of my caching extensions for chromium kept the site working
just fine until I reloaded the extension...

------
ben174
Looks like they tried to switch static assets to a new CDN without first
checking their CORS policy.

------
jlisam13
it's fixed now!

------
sjbr
it's fixed now

------
Cofike
And we're back

