It's in the eventsource server code: https://pagure.io/pagure/blob/master/f/pagure-ev/pagure_stream_server.py#_186

The value is set by APP_URL variable, per 7346098

I think we still have an issue with the cert, this is what I see on my laptop:

$ curl -I  https://pagure.io:8088/pagure/issue/521
curl: (60) SSL certificate problem: unable to get local issuer certificate
More details here: https://curl.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Can you confirm stg is working now?

The problem is that we fixed staging to use the cert + intermediate chain, but prod is just using the cert ( i guess we will need to fix after freeze)

Can you confirm stg is working now?

The certificate error is fixed on stg. I still see the CORS error in there, though.

Can you confirm stg is working now?

The certificate error is fixed on stg. I still see the CORS error in there, though.

Weird, this looks fine:

$ curl -I https://stg.pagure.io:8088/vashirov/389-ds-base/issue/12
HTTP/1.0 200 OK
Content-Type: text/event-stream
Cache: nocache
Connection: keep-alive
Access-Control-Allow-Origin: https://stg.pagure.io

Just tried adding a comment on a ticket of https://stg.pagured.io/test with the
same page opened in two tabs and adding the comment on one, it showed on the
other.
I also don't see any CORS issues on the console there.

(Just for the record, I'm using Firefox 91 from Fedora repos.)

After some more testing, I do see the CORS error at https://stg.pagure.io/pagure/issue/12 only when I reload the page quickly after it was displayed (e.g. in 2 seconds after it loaded). If I wait longer (10+ seconds), I don't see the CORS error on reload. So perhaps the error only means that the stg.pagure.io:8088 connection got aborted before the request was completed, or similar.