Daniel-KM / Omeka-S-module-IiifServer

IIIF Server is a module for Omeka S that adds the IIIF specifications to serve any images and medias.
Other
17 stars 11 forks source link

`add` statements for CORS header creates syntax error #45

Closed mquantin closed 8 months ago

mquantin commented 1 year ago

Hello, I'm very new in IIIF, I just installed IIIF server and image server in my omek-Sv4 instance. It seems to work fine locally:

BUT when I try to use the manifest elsewhere on the web, I allways get error. example

None of them are reading my manifests. but they succeed in reading other manifests I found on the web.

Is there anything I did wrong? Maybe something with CORS. I have these lines:

<Directory "_directory_">
    Options FollowSymLinks
    AllowOverrides All
    Require all granted
    <IfModule mod_headers.c>
        Header setIfEmpty Access-Control-Allow-Origin "*"
        Header setIfEmpty Access-Control-Allow-Headers "origin, x-requested-with, content-type"
        Header setIfEmpty Access-Control-Allow-Methods "GET, POST"
    </IfModule>
</Directory>

in my /etc/apache2/available-site (which is enabled and in use)

It may also be the proxies of the virtual machine hosting service creating restrictions in CORS. But I don't know how to ask/debug this since I have no log for the errors...

Thanks for you help

mquantin commented 1 year ago

OK part of the problem is solved on the cluster side. NOW the problem remains on the server side.

CORS error was The 'Access-Control-Allow-Origin' header contains multiple values '*, *', but only one is allowed. blabla. indeed the header was Access-Control-Allow-Origin *,* mmmmh *,* :thinking: It started working after I commented out the line as follow

<Directory "_directory_">
    Options FollowSymLinks
    AllowOverrides All
    Require all granted
    <IfModule mod_headers.c>
#      Header setIfEmpty Access-Control-Allow-Origin "*"
        Header setIfEmpty Access-Control-Allow-Headers "origin, x-requested-with, content-type"
        Header setIfEmpty Access-Control-Allow-Methods "GET, POST"
    </IfModule>
</Directory>

So there is somewhere the header is written with Header add Access-Control-Allow-Origin "*" or something like this. -> add is bad Then I investigated, and I discovered there are a couple of lines with this instruction:

/omeka-s/modules/IiifServer/src/Controller/MediaController.php:154:            ->addHeaderLine('access-control-allow-origin', '*')
/omeka-s/modules/IiifServer/src/Controller/NoopServerController.php:90:            ->addHeaderLine('access-control-allow-origin', '*')
/omeka-s/modules/IiifServer/src/Mvc/Controller/Plugin/IiifJsonLd.php:71:        $headers->addHeaderLine('Access-Control-Allow-Origin', '*');
/omeka-s/modules/IiifServer/src/Mvc/Controller/Plugin/IiifImageJsonLd.php:71:        $headers->addHeaderLine('Access-Control-Allow-Origin', '*'

and also

/omeka-s/modules/ImageServer/src/Controller/ImageController.php:258:                    ->addHeaderLine('Access-Control-Allow-Origin', '*');
/omeka-s/modules/ImageServer/src/Controller/ImageController.php:286:                    ->addHeaderLine('Access-Control-Allow-Origin', '*');

could you please have a look and make sure it's the right way to do it? I think writing the CORS header within a module is not a good practice...

mquantin commented 1 year ago

OK I can see there is are changes in the dev git code for this topic I can read "add CORS header" as an option with false as default. Good :D thanks! Still It would be great not to break the header with *, * for example if set elsewhere (in apache for ex) and option set to true (by ignorance).

Daniel-KM commented 1 year ago

Je peux changer la ligne, mais je ne comprends pas comment on peut mettre l'entête CORS à ", " ? Php ne peut pas savoir ce qu'ajoute Apache.

mquantin commented 12 months ago

ah merci pour votre retour. désolé j'avais pas vu cette notification. Effectivement php ne peux pas savoir ce que va ajouter apache. Mais si l'entête CORS est configuré dans apache et qu'on ne peut pas y toucher. et si le module omeka ajoute (via php) des éléments dans l'entête aussi. alors on se retrouve avec une entête pourrie !

Ce serait chouette que ce soit une option du module et pas un ajout silencieux (j'ai pris du temps à comprendre qui faisait quoi). Je n'ai pas essayé la version dev du module qui semble proposer l'option d'écrire ou non l'entête CORS (iiifserver_manifest_append_cors_headers).

J'ai cru voir que Zend permet uniquement d'ajouter des éléments au header (addHeaderLine()) et ne permet pas de faire une opération type Header setIfEmpty. C'est dommage.

Daniel-KM commented 8 months ago

L'option permet de ne pas ajouter l'entête cors.