Same Origin Policy issue on latest Firefox #184

Open
jurgenhaas opened this issue Apr 12, 2020 · 3 comments
@jurgenhaas

First of all, thank you so much for providing this new version. It's amazing and I'm going to donate just because I like it so much.

Just a small issue I found: in Firefox 75.0 the site loads OK and I can navigate, filter and so on, but when I open a board, it shows the columns but it doesn't load the issues in them. The reason being that the Same Origin Policy prevents that from happening:

Screenshot from 2020-04-12 09-58-45

When switching to Chrome, it is working just fine.

@mglaman
Owner

mglaman commented Apr 12, 2020

🤔 so that header is from Drupal.org, I believe. All CORS issues for Drupal.org should have been resolved years ago.

@mglaman
Owner

mglaman commented Apr 12, 2020

@jurgenhaas do you have any extensions that harden security, maybe? Or are you on Firefox 74?

I realized it worked for me, but I was on 72.

It's something new introduced: https://hacks.mozilla.org/2020/03/security-means-more-with-firefox-74-2/

@mglaman
Owner

mglaman commented Apr 12, 2020

🤔 Drupal.org isn't sending a CORP header (Cross-Origin-Resource-Policy).

Here are the headers I am getting:

HTTP/2.0 200 OK
server: nginx
content-type: application/json
x-drupal-cache: MISS
access-control-allow-origin: *
access-control-allow-credentials: false
access-control-allow-methods: GET, OPTIONS
access-control-allow-headers: Content-Type
cache-control: public, max-age=900
expires: Sun, 19 Nov 1978 05:00:00 GMT
content-encoding: gzip
etag: "1586734275-1"
last-modified: Sun, 12 Apr 2020 23:31:15 GMT
via: 1.1 varnish
x-timer: S1586734275.373681,VS0,VE161
fastly-restarts: 1
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
content-security-policy: frame-ancestors 'self'
strict-transport-security: max-age=10886400; includeSubDomains; preload
accept-ranges: bytes
date: Sun, 12 Apr 2020 23:31:15 GMT
via: 1.1 varnish
age: 0
x-served-by: cache-sea4442-SEA, cache-pwk4977-PWK
x-cache: MISS, MISS
x-cache-hits: 0, 0
vary: Cookie,Accept-Encoding
X-Firefox-Spdy: h2

Can you reproduce and copy the network request headers? Pop open dev tools and refresh the page. Click on one of the requests and copy the headers. Or a screenshot works.

Screen Shot 2020-04-12 at 6 39 20 PM

@mglaman mglaman added the bug label Apr 13, 2020
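
Added example, not part of the original thread or the project's code: a small JavaScript check that takes a response header dump like the one posted above and reports whether the Fetch standard's CORS check passes for a given requesting origin, with and without credentials, and whether a Cross-Origin-Resource-Policy header is present. The origin `https://app.example` and the helper names are assumptions; the sample is a constructed subset of the posted headers.

```javascript
// Added example; parseHeaders, corsCheck and triage are hypothetical helper names.
// Parse a raw header dump (as copied from dev tools) into a lower-cased map.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split(/\r?\n/)) {
    const i = line.indexOf(":");
    if (i <= 0) continue; // status line, pseudo-header or blank line
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    // Repeated headers (e.g. "via") are combined with ", ".
    headers.set(name, headers.has(name) ? `${headers.get(name)}, ${value}` : value);
  }
  return headers;
}

// CORS check from the Fetch standard, applied to a cross-origin response.
function corsCheck(headers, origin, withCredentials) {
  const acao = headers.get("access-control-allow-origin");
  if (acao === undefined) return { ok: false, reason: "no Access-Control-Allow-Origin" };
  if (!withCredentials && acao === "*") return { ok: true, reason: "wildcard, no credentials" };
  if (acao !== origin) return { ok: false, reason: `origin mismatch: ${acao}` };
  if (!withCredentials) return { ok: true, reason: "origin echoed" };
  return headers.get("access-control-allow-credentials") === "true"
    ? { ok: true, reason: "origin echoed, credentials allowed" }
    : { ok: false, reason: "credentials not allowed" };
}

// Summarise what a browser would decide, plus the CORP value (null if absent).
function triage(raw, origin) {
  const h = parseHeaders(raw);
  return {
    anonymous: corsCheck(h, origin, false),
    credentialed: corsCheck(h, origin, true),
    corp: h.get("cross-origin-resource-policy") ?? null,
  };
}

// Constructed sample: a subset of the response headers posted above.
const SAMPLE = [
  "HTTP/2.0 200 OK",
  "content-type: application/json",
  "access-control-allow-origin: *",
  "access-control-allow-credentials: false",
  "via: 1.1 varnish",
  "via: 1.1 varnish",
].join("\n");

console.log(triage(SAMPLE, "https://app.example"));
```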