We have web applications where we use Autodesk Forge viewer. These were working as usual until yesterday. We didn't make any changes for months for some of them and now out of nowhere, we are receiving Cross-Origin errors.
I have checked 3 of our web application with Forge, none of them are working! Firefox and Chrome give these kind of errors:
Access to XMLHttpRequest at 'https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/res/locales/en/allstrings.json' from origin 'WEBSITE NAME' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://localhost:3000' that is not equal to the supplied origin.
Access to XMLHttpRequest at 'https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/lmvworker.min.js' from origin 'WEBSITE NAME' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'http://localhost:3000' that is not equal to the supplied origin.
and more png loading problems with errors above.
I don't know if it is because of deployment platform heroku. I need help on this since I have no idea what has changed. On the one of the platforms, there were made no changes since last year but it stopped working also.
I am using this url to load the viewer:
https://developer.api.autodesk.com/modelderivative/v2/viewers/style.min.css?v=v7.*
https://developer.api.autodesk.com/modelderivative/v2/viewers/7.*/viewer3D.min.js
I need to mention that at localhost, Forge Viewer loads the model without CORS Error and works fine.
Thanks for the help.
Update:
According to #Can777, this issue was resolved by clearing browser history.
The problem is solved by deleting the browser histories from all
browsers (Firefox nearly didn't have any history actually, since we
only use chrome).
=============
I'm sorry to hear this issue is bothering you. We have reported this issue to our engineering team to have a look. We will keep you updated once we got responses from them. We apologize for any problem that had caused to you.
Related
Ok Im breaking down https://tympanus.net/codrops/2019/03/26/exploding-3d-objects-with-three-js/ and downloaded the source, but his explanations are not in depth. Running the project locally having changed nothing, Im hit with many cross origin errors, in minified code:
XMLHttpRequest at
'file:///Users/me/Documents/Three%20JS/examples/ExplodingObjects-master/models/heart-high.glb'
from origin 'null' has been blocked by CORS policy: Cross origin
requests are only supported for protocol schemes: http, data, chrome,
chrome-extension, https.
It is also does this for various .jpg located locally. Why is this creating a cross origin problem since the file is right there?
I want to run this locally to test and understand everything, and can't run the project without the minified code. How can I fix this?
Your error says that your're just opening the HTML file in your browser. Any page opened like that wont be able to do any kind of request, even to a "Local" file. You should host your page using any kind of server, apache or even this 200ok server would do the job for you.
I have created API which helps developers upload images to their virtual folder.I have done everything but I have seen that cross domain upload doesn't seems to work when trying with mobile,how can I solve this?Deskop version works perfectly but mobile doesn't seems to work.And I have tested it same domain it worked but if it is cross domain it begin to not work,and fail.
Note: I have tested CORS but works only on desktop not on mobile,I know that I am not able to use jsonp in this case because I am uploading image and it cannot be done by jsonp.If Cors is not sollution How can I create cross browser,mobile supported upload process?
Example:http://newtimebox.com/demos/OOS_engine_API/upload.php , it works with desktop , but fail on mobile
Console says problem is XMLHttpRequest cannot load http://api.newtimebox.com/Controller/upload.php?connect_key=tmp873ap_k958a7…7b9fa25591dc4a472e74aeb1cd89fe590b558a73a72a982b58a73a72a986158a73a72a9896. Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header contains multiple values '*, http://www.newtimebox.com', but only one is allowed. Origin 'http://www.newtimebox.com' is therefore not allowed access. but I have just wrote one line which header Access-Control-Allow-Origin *
I cannot find cross browser solution but I have found my problem sollution,I got above error because I called that method from my subdomain(it is wierd).if I call that from http://example.com it works but if I call this from http://www.example.com it is not working
I have an addon for Firefox which modifies a page at http://target.com with data from http://data.com. It does this by making an XMLHttpRequest() in the addon javascript and modifying the webpage accordingly. Neither the target nor the source servers are under my control.
This all worked fine until the target.com website changed to using https. As I was loading data from an http: address I got the following error:
Blocked loading mixed active content
Fortunately data.com also supports https, so I changed the data lookup address to https://data.com, and then I got
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://data.com
I read here that I could add the following to my package.json
"permissions": {
"cross-domain-content": ["https://data.com"]
}
And now I don't get any errors, but the Developer Tools Network page doesn't show any connections being made.
Have I hit a dead end? I understand that CORS requires server support but I assumed that as it worked prior to the target server moving to https it would still work now.
Cheers
Rich
That is one of the issues with using libraries (and not Firefox API)
Try using the native Firefox API eg: Connecting to Remote Content
Native Firefox API runs in the browser scope so there is no CORS to consider.
I'm opening the page on two computers, both ip and localhost tried:
Strangely, for one computer, the http://192.168.1.100/dev didn't work and http://localhost/dev did. For the other, neither worked. It says,
Image from origin 'null' has been blocked from loading by Cross-Origin Resource Sharing policy: Received an invalid response. Origin 'http://localhost' is therefore not allowed access.
None of the answers I found seem to work. And I don't understand why it only worked on localhost on one computer. Any suggestions?
Edit:
Browser: Chrome Version 34.0.1847.11 beta
http://127.0.0.1/dev didn't work either
The uploaded version on server didn't work either
It turns out, it was the AdBlock plugin that blocked the file.
The name of the directory containing the blocked file was AD16. Somehow the other AD01, AD09, AD22, AD27 worked fine, but not AD16.
Disabling AdBlock and everything works fine.
The same problem would have occurred on any chrome with the plugin on, so we changed the name of the directory to AD_16.
Today I attempted to browse a new feature recently deployed to our testing environment (NOT LOCAL). After navigating to the new feature I was met with a blank page. Confused, I checked Chrome's console and found an error:
XMLHttpRequest cannot load https://test.mytestsite.com/SomeApplication/api/SomeController/SomeMethod/8?Id=523283&SecondId=1612w3426653.
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://test.mytestsite.com' is therefore not allowed access.
This code makes an ajax call to a WebAPI (on the same domain) to retrieve some information on document.Ready. I understand the error and I'm familiar with it's typical cause. However, this call is being made from within the same domain AND it works for the other developers on my team.
Symptoms:
- Does not work for IE or Chrome/Incognito
- Does work for FireFox
- Works on all browsers for at least 4 other developers on the same domain that I reside on. (Indicating to me that this is an environmental issue)
Possible causes:
- I was doing some CORS research several weeks ago and perhaps I configured some Windows 7 setting to cause this to happen?
Google is saturated with the standard CORS issues, so I'm asking here and hopefully someone can help.
The issue at hand was due to inconsistencies between environments.
In our production environment SSL is enforced with a redirect in IIS, while in our testing environment it is not. I was navigating to the site via a bookmark using http. Updating the bookmark, as #epascarello suggested, fixed the problem.