I am dead in the water trying to make an https ajax call from an http session. CORS is enabled on server but the web2py_component https URL with user_signature=True now triggers an erroneous non-logged-in response to auth.is_logged_in() when, in fact, the user is logged in.
First, thanks to Marin Pranjić's help, I am able to articulate the above statement. A little while ago I couldn't have done so. The trouble with auth.is_logged_in() is mirrored by an error raised by @auth.requires_signature(). In response to an experiment designed by Marin, I documented the following: > If I put the @auth.requires_signature() decorator back into the controller > and reexecute, I get the Firebug error message: > XMLHttpRequest cannot load https://www.blah > blah<https://www.yakitome.com/store/checkout.load?pid=1&_signature=e5308784ae38c2f5f1a67552b4143bf7b9adeca1>. > > The request was redirected to > 'https://www.mydomain.com/user/login.load?_next=/blah > blah<https://www.yakitome.com/user/login.load?_next=/store/checkout.load%3Fpid%3D1>', > > which is disallowed for cross-origin requests that require preflight. > > Marin replied, > As I expected, auth.requires_signature looks broken. Give me some time, I > am very busy, but I'll try to give you solution. > Maybe URL.verify instead of decorator. Now, I have that auth.is_logged_in() in a critical spot and @auth.requires_signature() decorators on many functions that are now negatively impacted by this issue. So my sense of urgency is higher than my normal constant sense of urgency. I've been stuck on this for many days so I think I'm ready to ask for as much help as possible. Please. Thank you Marin and the web2py community for all the excellent support. Any suggestions about how to proceed, including from Marin, are appreciated. -- Resources: - http://web2py.com - http://web2py.com/book (Documentation) - http://github.com/web2py/web2py (Source code) - https://code.google.com/p/web2py/issues/list (Report Issues) --- You received this message because you are subscribed to the Google Groups "web2py-users" group. To unsubscribe from this group and stop receiving emails from it, send an email to web2py+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
