htaccess file blocking normal operation of Floatbox?

Page: 1

Author Post
Member
Registered: Apr 2009
Posts: 81
This URL won't load:
http://www.revenuer.org/beta/floatbox/resources/wait.gif

I believe the file .htaccess in that folder is interfering with the IIS server? The server thinks the user needs to be authenticated before it will allow the file to be loaded?

Not sure why you need .htaccess in Floatbox?

Thanks.
Administrator
Registered: Aug 2008
Posts: 3382
Very surprised to hear that IIS behaviour would be influenced by the presence of a .htaccess file; or why it should think authentication might required when it is present.

Floatbox is using a small set of icon fonts now, instead of background images, on the various controls and widgets. A few folks (not many) run a single instance of Floatbox on one server (site) that is shared with and used by a few other foreign servers (sites). Most modern browsers will not load fonts from a foreign domain unless given permission by a CORS header delivered with the font file. The .htaccess file in the resources folder adds that header to the fbicon font files in that folder when served from Apache.
    Header set Access-Control-Allow-Origin "*"


That .htaccess file can be removed from the resources folder by 99.99% of Floatbox users without any negative impact. The few Apache users who are serving Floatbox out to foreign domains may wish to set their access control somewhere else in their site config, and may wish to make it more restrictive than "*". IIS users serving Floatbox to foreign domains would need to set the CORS header in the IIS config.

Honestly, .htaccess was dropped into the resources folder because I didn't have the time or inclination to do a write-up on cross-domain resource sharing and its presence will save a very small number of people some hassle. My apologies if instead it generated some fresh hassle for you. (Although I do remain skeptical that it could trigger authentication in IIS.)
Member
Registered: Apr 2009
Posts: 81
I don't think it is IIS itself, but an installed component we have called IIS Password. We are phasing out that component, since it is rather outdated anyway, and will be replacing it with Helicon (which allows .htaccess functionality on a Windows server). In the meantime, I will just use a workaround, or a slightly older version of Floatbox.
Administrator
Registered: Aug 2008
Posts: 3382
Just delete the .htaccess file. Job done. You don't need it, and I probably shouldn't have distributed it.

Page: 1