Matthew Bass

  • CORS woes on Heroku

    ,

    After spending the past 4 hours attempting to solve what boiled down to a rather simple problem, I figure I’d better blog about it to save someone else the time and effort.

    If you’ve been leveraging Passenger’s new –nginx-config-template command line option to add CORS headers to static assets served from a Rails app hosted on Heroku, and the CORS headers recently disappeared under mysterious circumstances… read on.

    I’ve been using the method described here to add CORS headers to custom fonts served from a Heroku-hosted Rails app that’s proxied by Nginx which handles serving static files. I recently updated to Rails 4.2.2 and suddenly, my custom fonts (.woff and .woff2 files) no longer had CORS headers on them.

    After the aforementioned hours spent scratching my head, I discovered that the latest version of the sprockets gem is generating asset digests that are 64 chars in length, where previously they had been 32. Nginx’s default regexp for identifying requests for static assets assumes the digest will be 32 chars long, like so:

    # Rails asset pipeline support.
location ~ "^/assets/.+-[0-9a-f]{32}\..+" {
  error_page 490 = @static_asset;
  error_page 491 = @dynamic_request;
  recursive_error_pages on;</code>

  if (-f $request_filename) {
    return 490;
  }
  if (!-f $request_filename) {
    return 491;
  }
}

    Changing the regexp to recognize digests that are 64 chars in length immediately solved the problem:

    location ~ "^/assets/.+-[0-9a-f]{64}\..+" {
   ...
}

    I had to laugh after something so stupid and silly cost me a good chunk of my Saturday to debug. But at least it’s working now. My statically served custom fonts have the correct CORS headers and Chrome and Firefox are happy again.

Need help?

I’m an independent software developer available for consulting, contract work, or training. Contact me if you’re interested.

  • Quote of the Week: Douglas Adams

    ·

    “A common mistake that people make when trying to design something completely foolproof is to underestimate the ingenuity of complete fools.” — Douglas Adams

  • An encouraging story

    ·

    It’s always good to hear some positive news for a change. Three fisherman lost at sea for over nine months have been rescued. Read the full story at MSNBC.

  • The importance of code reviews

    ·

    Have you ever done a code review? Most developers haven’t. It doesn’t seem to be a regular practice in many parts of the software industry, yet by ignoring the importance of code reviews we miss out on the benefits that they can provide.

    My friend and former co-worker Sri has written an article about code reviews that was published on java.net today. Here’s a teaser:

    Need to be sure your program really runs right? Oh sure, testing’s a part of it, but so are code reviews. Sri Sankaran argues that research and experience prove that a standardized, effective code review process mitigates costs and produces better code.

    Coming from an agile development background, I’ve participated in several code reviews myself. Properly used they can be an effective way to ensure that the software being shipped is solid, and that the team is on the same page when it comes to standards and organization.

    Read the full article at java.net!

  • Resources for entrepreneurs

    ·

    Check out Lifehack’s list of resources for entrepreneurs. It’s an incredible collection of useful sites and blogs with advice ranging from how to start a niche business to how to maximize your Google AdSense income. I’m at the stage right now where I’m trying to learn as much as possible about what successful entrepreneurs have done to actually be successful. A resource like this may be the closest I can get without actually shadowing someone.