Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Use externally hosted PDFs (Amazon S3, etc) #12

Open
andyweiss1982 opened this issue May 22, 2016 · 6 comments · May be fixed by #18
Open

Use externally hosted PDFs (Amazon S3, etc) #12

andyweiss1982 opened this issue May 22, 2016 · 6 comments · May be fixed by #18

Comments

@andyweiss1982
Copy link

I recently ran into a version of this error (mozilla/pdf.js#7153) when trying to use this gem to display PDFs hosted in an Amazon S3 bucket. Originally thought I had a CORS issue but was able to solve it by overwriting /pdfjs_viewer/viewer.js and inserting my development and production urls into the HOSTED_VIEWER_ORIGINS around line 7100.

Would you be open to a pull request, either to add some documentation to the README, or to make HOSTED_VIEWER_ORIGINS dependent on an ENV variable?

@senny
Copy link
Owner

senny commented Jun 2, 2016

@andyweiss1982 sure 👍

Edit: Sorry for the long delay.

@rrecurse
Copy link

rrecurse commented Jul 6, 2016

I too have a similar issue with S3 hosted pdf's throwing 403 Access denied errors, even after placing my appropriate URL's in the HOSTED_VIEWER_ORIGINS array.

My issue however is limited to Microsoft Edge browsers, and only Edge. I cannot replicate the issue in Chrome, Firefox, Safari etc.

Has anyone else experienced this? If so, have you a solution?

PDF.js v1.4.20 (build: b15f335)
Message: Unexpected server response (403) while retrieving PDF "https://s3.amazonaws.com/myrealbucket/myrealpdf.pdf".

My CORS policy is working for S3 hosted assets such as images, across all browsers, including Edge. This issue seems to be limited to PDF's streamed through pdf.js, via MS Edge only.

My Response headers on Chrome are as follows (works great):

Accept-Ranges:bytes
Access-Control-Allow-Credentials:true
Access-Control-Allow-Methods:GET, POST, HEAD
Access-Control-Allow-Origin:https://www.myrealdomain.com
Access-Control-Expose-Headers:Accept-Ranges, Content-Range, Content-Encoding, Content-Length
Cache-Control:max-age=31536000
Content-Length:65536
Content-Range:bytes 262144-327679/706927
Content-Type:application/pdf
Date:Wed, 06 Jul 2016 20:41:14 GMT
ETag:"8612edf919de4c67678e33469673e5e7"
Expires:Fri, 12 May 2017 15:41:19 GMT
Last-Modified:Thu, 12 May 2016 15:41:20 GMT
Server:AmazonS3
Vary:Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2:LfLV8oJ/iS9UrOxbbyz/EfuB/r9LxC0S+1lgMG9fDJ4Ig3OsIkdAPPnJKh1RW00Py7T3a7BiZHk=
x-amz-request-id:6D9AF00B3BF4FEXX

While my Response headers on MS Edge are:

Access-Control-Allow-Credentials: true
Access-Control-Allow-Methods: GET, POST, HEAD
Access-Control-Allow-Origin: https://www.myrealdomain.com
Access-Control-Expose-Headers: Accept-Ranges, Content-Range, Content-Encoding, Content-Length
Content-Type: application/xml
Date: Wed, 06 Jul 2016 20:37:55 GMT
Server: AmazonS3
Transfer-Encoding: chunked
Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method
x-amz-id-2: Dv77NpdsZ7ETCLfLZfCbYNlLtg19ZzQWB9UAhJzCoBRjJlXJq7wR5CHt0lyQRVxdQ4Tu62lB8tA=
x-amz-request-id: 367E32B636D46BXX

I notice some obvious differences between the two, especially Content-Type (but i suspect it defaults to xml due to 403 restriction).

Any advise would be greatly appreciated.

Thanks in advance!

@siegy22 siegy22 linked a pull request Jul 29, 2016 that will close this issue
@fatuhoku
Copy link

Any news on this?

@agrass
Copy link

agrass commented Dec 28, 2016

Another alternative to solve this is to use 'rack-reverse-proxy' gem. With this gem you can redirect your-domain.com/s3 -> to your-bucket.s3.aws.com. That could be safer that other alternatives.

@adamaiken89
Copy link

'rack-reverse-proxy' gem is a good gem. However, since your file needs to send through your Rack Server, it can take pretty much time to do so.

Thus still would be good if we can configure the origin manually.

@jotolo
Copy link

jotolo commented Oct 27, 2022

Hi @andyweiss1982 any update on this?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

7 participants