New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
CORS issue for Embedded PDFs #525
Comments
CORS stands for "Cross-Origin Resource Sharing". It's a security feature implemented by web browsers to prevent potentially malicious actions coming from web pages that are not from the same origin as the main website. Here's a quick breakdown:
In the problem you described, the PDF hosted on Notion is not allowing your website (running on a subdomain) to fetch and display it due to CORS restrictions. The server (Notion in this case) needs to send a header saying that your site is allowed to access this resource. Without that, the browser blocks the request to protect the user. To fix this, you have a few options:
It's important to note that CORS is a client-side restriction. It doesn't actually secure the resource but rather prevents potentially harmful client-side actions. Actual security must be implemented server-side. Ps: I chat gpted this question |
Description
Embedded PDFs are not showing and display 'Failed to load PDF file'. In the console I get this message:
Access to fetch at 'https://file.notion.so/f/s/15cea71f-e35f-4dfd-900d-ae9ee3f5db7e/NPS_Quick_Reference_Guide.pdf?id=9e054fc7-17a7-41e3-9654-7128028c1612&table=block&spaceId=2443bf74-e5e7-4322-affd-43349a347480&expirationTimestamp=1689897600000&signature=8YGAT-os8tV8TY_A9pIF6pldG-Yru0c92fFtVYAgRHQ' from origin 'https://subdomain.mysite.com' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
Can anyone recommend an easy fix?
The text was updated successfully, but these errors were encountered: