Hello,
Thank you for the request.
Access-Control-Allow-Origin is not a part of the Viewer it’s a W3C spec that allows cross-domain communication from the browser. By building on top of the XMLHttpRequest object, CORS allows developers to work with the same idioms as same-domain requests. More info about it you can find
here
Best regards.
Yes, I know that, but we’re not adding it to our pages. So it must be the viewer that adds that response header to its pages. How do we remove that response header from the document-viewer pages?
Hi again,
The Viewer doesn’t add such header to it’s responses, but I can assume that you have added such module:
in to the Web.Config. Please check your Web.config for such module and remove it.
Best regards.
No, there is nothing like that. Just tested with a new mvc project (v.4.6), added the viewer (v. 2.19) from NuGet, and inspected the document-viewer/ViewDocument. Then the header was added. Inside the Web.config was nothing added:
<?xml version="1.0" encoding="utf-8"?>
Hi,
Thank you for sharing the Web.Config. Could you please also share with me a screenshot of such request and headers, also share the code example which you use for the Viewer and describe your use case.
Thank you.
Use case: we want to show pdf files via a subscription, so users need to pay to view the pdf files and we don’t want them do download any files, just view them as images. That’s why we selected your tool.
But by doing a security audit they send us a couple of remarks. One of them is the allow access control header.
PDF Viewer
@Html.CreateViewerScriptLoadBlock().LoadJquery().LoadJqueryUi()
@(Html.ViewerClientCode()
.TargetElementSelector(“
pdf”)
.FilePath(“01.pdf”)
.ZoomToFitWidth(true)
.Height(900)
.Width(1024)
.DownloadPdfFileIfPossible(false)
.PreloadPagesCount(1)
.UseHtmlBasedEngine(false)
.ShowDownload(false)
.ShowFolderBrowser(false)
.UseInnerThumbnails(true)
.ShowPrint(false)
.ShowSearch(false)
.ShowThumbnails(false)
.SupportTextSelection(false)
)
you should go to:
http://localhost:53316/Home/pdfviewer
That’s really strange, because when I run the same sample with the development server I get the extra header.
For my understanding: you did not change anything at the sample project? You also used the version 2.19 of the viewer, correct?
Seems that one difference is that you are using as server: ASP.NET development server 11.0 and I’m using IIS 10.0 (express). Not sure if that made a difference.
Hi,
Yes, correct I use Viewer 2.19.0 and have changed nothing except the server. Since you have use the IIS and get such extra header it confirms that the reason of such extra header is your server configuration.
Best regards.
Ok and what if you also used IIS express? Do you get the extra header then?
Hi,
At last I was able to reproduce the issue. I will share it with our Product team and they will resolve it, then I will come back to you with the details.
Sorry for the inconvenience.