UI version ‘10.2.3’
Core version ‘10.2.3’
webviewer.min.js ‘10.2.3’
When I’m trying to load PDF into WebViewer, receiving such CORS issue.
Access to XMLHttpRequest at ‘https://devstoreaccount1..localhost.test//be0b3d49-8f1b-48d3-a7d0-b066009f6800/16f3bde4-3322-4cad-98e0-d1761fb97c0a/DA9871E032883537F8A2BF5772FA4EF5.pdf?sv=2021-10-04&st=2023-08-22T12%3A33%3A14Z&se=2023-08-29T12%3A33%3A14Z&sr=b&sp=r&sig=wOw3lHzoAP%2FWZM56np%2F93%2Fh%2BvoZ8EgIbLWK6ANu8sz4%3D’ (redirected from ‘https://.localhost.test/api/core/download?token=token_here’) from origin 'https://.localhost.test’ has been blocked by CORS policy: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be the wildcard ‘*’ when the request’s credentials mode is ‘include’. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.
Part of URI’s hidden because contain sensitive information.
CORS Allowed Origins set to * on the server, from where file downloaded, like it stated in error message.
I’ve tried to use withCredentials in next way:
WebViewer(
{
...configuration,
disabledElements: ['menuButton', 'contextMenuPopup'],
enableFilePicker: false,
enableRedaction: false,
enableAnnotations: false,
isReadOnly: true,
},
viewer.current,
).then((inst) => {
instance.current = inst
instance.current.Core.disableEmbeddedJavaScript()
instance.current.UI.loadDocument(documentPath, {
extension: reviewFile.extension,
withCredentials: false,
})
.....
but it does not help.
Changing CORS Allowed Origins on file server helps, but it is not the good case because of other reasons.
What is correct usage of withCredentials ??