Upgrading from an old krpano (1.08.15) to last (1.18.4) : security error on crossdomain image

  • Hello All.

    I take care of an old website that use the KRPANO viewer in versio 1.08.15 to display a cube.
    This version use HTML5 by default, with a Flash fallback if browser do not support HTML5.
    The images of the cube are hosted on an other domain :
    - the main website is hosted in "http://www.mybrand.com"
    - and all static ressources are hosted in "http://media.mybrand.com"

    With 1.08.15 version, I do not have any crossdomain problem with Flash or HTML5 : the images are correctly loaded.
    The "media" domain have a "crossdomain.xml" file, but do not send a "Allow-Origins:*" HTTP headers.
    The KRPano XML file have several <image> with URL looks like "http://media.mybrand.com/image.php?sku=…amp;quality=100"
    Everything works fine with this configuration.

    But now, I want to upgrade the Viewer and I want to use the last version of KRPANO (1.18.4).
    So, I simply upload the new .swf, .js etc files, change some settings in my HTML page and the XML file, but now, images do not load anymore with the HTML version.

    When I enable "showerrors" in KRPANO, it says:

    Zitat

    INFO: krpano 1.18.4 (build 2015-04-23)
    INFO: HTML5/Desktop - Firefox 31.0 - WebGL
    ERROR: plugin[fullmask] loading error: pano_mask.png
    ERROR: loading of http://media.mybrand.com/image.php?sku=…=45&quality=100 failed!

    for all the images.

    When looking with HttpFox the GET request, I see that all the images request are "image/jpeg (NS_ERROR_DOM_BAD_URI)"
    IE11 have the same problem : SCRIPT5022: SecurityError / File : eval code (28), ligne : 1, colonne : 115311

    I do not understand why the 1.08 version (in HTML5) do not have a crossdomain problem and when I upgrade to 1.18 (still HTML5) there is a cross-domain error ?

    any idea ?

    thanks !

    Jerome

  • Hi,

    the newer krpano HTML5 version versions are using either WebGL or CSS3D+Canvas for displaying the panos.

    In both cases CORS is required to access the pixels of the images when loading them from external domains.

    In very old krpano versions only CSS3D (without Canvas) was used for SOME browsers to display the panos, in this case CORS was not necessary, but the CSS3D-only usage was only done because of browsers bugs and was not the right, fully correct solution.

    As summary - when you want to load image from external domains - use CORS (and for Flash the crossdomain.xml), there is no other real solution.

    Best regards,
    Klaus

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!