Jump to content

Topic on Extension talk:MultimediaViewer

How to mitigate CORS policy issue?

5 comments • 09:38, 27 February 2023 1 year ago
5
2003:F1:C70E:6600:630D:4D5:7627:FA99 (talkcontribs)

After the image flashing very briefly it get the error that the file cannot be loaded. I am getting the following error in my browser console:

Access to image at '.../w/images/6/6f/MyFile.jpg' from origin '...' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

The first ... stands for https: // repo . example . org, the second ... for https: // en . example . org

.../w/images/6/6f/MyFile.jpg:1          Failed to load resource: net::ERR_FAILED

Here ... stands for repo . example . org

Tried to add the following to .htaccess but it did not work:

<IfModule mod_headers.c>
    Header set Access-Control-Allow-Origin "..."
</IfModule>

Here ... stands for https: // en . example . org

Still the CORS policy violation prevents the thumb from being loaded.

Does anybody have a clue?

Reply 23:33, 24 February 2023 1 year ago
2003:F1:C70E:6600:463:E9E6:59CC:4DF2 (talkcontribs)

Also tried to add header("Access-Control-Allow-Origin: *"); to LocalSettings.php without success.

Reply Edited by Kghbln 10:15, 25 February 2023 1 year ago
Tacsipacsi (talkcontribs)

LocalSettings.php won’t help, as images are served directly, without involving PHP (as far as I know). For the .htaccess solution, without digging much into the details, I see that there’s an IfModule guard. Do you have the headers Apache module enabled? (Do you use Apache at all? If you use other web server software, e.g. nginx or lighttpd, .htaccess will be of no use. Consult the server software documentation for how to enable CORS.) If you administer your server yourself, and it runs Debian or a derivative (e.g. Ubuntu), you can enable the module using sudo a2enmod headers.

Reply 13:32, 25 February 2023 1 year ago
2003:F1:C70E:6600:463:E9E6:59CC:4DF2 (talkcontribs)

Thank your for your comments. This may explain things. So changing the setting for the headers module will indeed be the solution here?!


The managed hosting runs Apache, i. e. I can put stuff into my .htacces, however, it appears that I cannot modify settings related to the headers module. I can do stuff via command line however handling of the webserver is not part of it. This does explain why my setting to headers was ignored (to be verified with the provider)

Reply 20:37, 25 February 2023 1 year ago
Tacsipacsi (talkcontribs)

I’m not very experienced in administering Apache servers (I have a development server on my own computer that I administer, but that’s all), so I can’t say for sure that enabling the headers module will fix the problem, but I’m quite sure that it is necessary to fix it. Yes, if you have a hosting provider, you’ll probably have to either ask them, or use the self-service administration interface they provide (if they provide one).

Reply 09:38, 27 February 2023 1 year ago
Reply to "How to mitigate CORS policy issue?"
Retrieved from "https://www.mediawiki.org/wiki/Topic:Xd8qmufd3vhsbgcj"