CORS Issue on latest webkit-based browsers (Chrome, Safari)

  • Hello!

    We're using Krpano 1.18 html5 player with tiles stored on Amazon S3. Last month our customers reported that player does not work properly on latest Chrome.

    We have CORS enabled and properly configured (according to manuals that appear on this forum) on S3. Everything works fine under Firefox and oldest versions of Chrome(42) and Safari (8.0.6). But doesn't work on Chrome 44-45(canary), Safari 8.0.7 and mobile browsers, that got updates some time ago.

    We've noticed that browser sends Origin: null header instead of domain name and as result S3 doesn't send Allow-Access-Origin header in response. We've temporary switched player to Flash-version, but our customers aren't happy with that, cause they also need krpano player on their mobile devices.

    Can anyone help? Thanks!

  • Hi, Klaus!

    Looks like this is Webkit bug

    We send tiles requests to controller on our server that responds with 302 status and Location header with url to a tile stored on S3 with appropriate headers (like X-Amz-Credential, X-Amz-Expires, X-Amz-Signature, etc).

  • Hey, Klaus!

    We've created a sample app on heroku with configuration similar to our servers: https://immense-ridge-8144.herokuapp.com/

    So, there are two requests for each tile:
    First goes to our server: https://immense-ridge-8144.herokuapp.com/panoramas/1/tiles/f/1/0_0.jpg
    Server responds with 302 and Location to image on S3:
    https://krpano-test.s3-us-west-2.amazonaws.com/uploads/panora…5510d8a6ea4cc24

    For the first request there is Origin header being set to domain name https://immense-ridge-8144.herokuapp.com
    And for the second there's Origin set to null, and as result, S3 doesn't send Access-Control-Allow-Origin header in response


    It works fine in Firefox, but not under webkit-based browsers. But worked fine few time ago and we didn't make any changes to our codebase

  • Hi,

    sorry, but so far I understand you have problems that one server isn't forwarding the CORS headers - but that's nothing that could be addressed from krpano side.

    krpano is a client-side Javascript application, all it can do is to set the crossOrigin property of the files it will load, and this could be controlled via the 'security.cors' setting:
    https://krpano.com/docu/xml/#security.cors

    Anything that happens on the server or between servers is on server side and out of control from client/Javascript side...

    Best regards,
    Klaus

Jetzt mitmachen!

Sie haben noch kein Benutzerkonto auf unserer Seite? Registrieren Sie sich kostenlos und nehmen Sie an unserer Community teil!