You are not logged in.

CORS implementation

jordi

Professional

  • "jordi" started this thread

Posts: 583

Location: Barcelona

Occupation: creating ideas & coding them

  • Send private message

1

Friday, June 30th 2017, 1:09pm

CORS implementation

Hi, I've been reading about CORS in all threads of the forum and from outside, but can find a solution.

so I have domain1 where I hosts all the files (krpano, xml, images)

in htaccess from domain1 I should add :

Source code

 
1

Header set Access-Control-Allow-Origin "*"


then in domain2 I have a index.html

Source code

 
1
2
3
4
5
6
7
8
9

<script src="https://domain1.com/pano.js">
</script><div id="pano" style="width:100%;height:100%;"><script>
embedpano({  
    swf:"https://domain1.com/pano.swf", 
    xml:"https://domain1.com/pano.xml", 
    target:"pano"
});
</script>
</div>



and pano xml is :

Source code

 
1
2
3
4
5
6
7
8
9
10
11
12
13

<krpano>
<security cors="use-credentials" />	

<include url="skin/defaultskin.xml" />	

<view hlookat="0" vlookat="0" maxpixelzoom="1.0" fovmax="150" limitview="auto" />	
	<preview url="a.tiles/preview.jpg" />
	<image type="CUBE" multires="true" tilesize="512">		
      <level tiledimagewidth="640" tiledimageheight="640">			
      <cube url="a.tiles/%s/l1/%v/l1_%s_%v_%h.jpg" />		
     </level>	
 </image>
</krpano>


So on this situation from domain2, the index.html is able to load krpano and the first xml (pano.xml) but not the second xml (defaultskin.xml) neither the images of the pano.

Anyone knows what am I missing ?

I've already been testing many different htaccess options like add instead of set or always set, or different kind of methods...

Source code

 
1
2
3
4
5

Header add Access-Control-Max-Age 1728000
Header add Access-Control-Allow-Origin: http://domain1.com
Header add Access-Control-Allow-Methods: "GET,POST,OPTIONS,DELETE,PUT"
Header add Access-Control-Allow-Headers: "DNT,X-CustomHeader,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,C$
Header add Access-Control-Allow-Credentials true


Source code

 
1
2
3
4
5

# Enable cross domain access control
SetEnvIf Origin "^http(s)?://(.+\.)?(domain1\.com|domain2\.net)$" REQUEST_ORIGIN=$0
Header always set Access-Control-Allow-Origin %{REQUEST_ORIGIN}e env=REQUEST_ORIGIN
Header always set Access-Control-Allow-Methods "GET, POST, PUT, DELETE"
Header always set Access-Control-Allow-Headers: Authorization


But I guess is more a basic CORS concept that I miss.

thanks in advance
everpano.com step beyond 360

spacerywirtualne

Professional

Posts: 1,117

Location: Poland, Europe

Occupation: krpano developer : virtual tours : the cms4vr owner

  • Send private message

2

Saturday, July 1st 2017, 1:17pm

Have you try this?

...

<cube url="https://domain1.com/panos/a.tiles/%s/l1/%v/l1_%s_%v_%h.jpg" />

...

Best regards
Piotr
Your own professional, online cloud tool for creating virtual tours - www.cms4vr.com

facebook page :: youtube :: wiki.cms4vr.com

cms4vr team *thumbsup*

jordi

Professional

  • "jordi" started this thread

Posts: 583

Location: Barcelona

Occupation: creating ideas & coding them

  • Send private message

3

Monday, July 3rd 2017, 8:54am

Yes already try it, without succes.

What was easily working was to setup a bucket in aws s3... so I guess I know the way.

Thanks
everpano.com step beyond 360

martincarlin87

Beginner

Posts: 17

  • Send private message

4

Tuesday, July 14th 2020, 4:29pm

<security cors="use-credentials" />


fixed it for me - thanks! I haven't noticed this in the docs before.

Similar threads