Open cheonhyangzhang opened 7 years ago
This is the commit that introduced the anonymous crossorigin: https://github.com/googlevr/vrview/commit/0fec8102354fb0b6b936bd7c5d7097125aa42e19
I tried setting it to 'use-credentials' instead and everything seems to work. Someone just needs to test it in iOS: https://github.com/googlevr/vrview/pull/193
@lincolnfrog wow cool I can try to test this in iOS.
Thanks! Let me know how it goes. Again, here is the PR: https://github.com/googlevr/vrview/pull/193
Hmm I found it's still not working on Mac Chrome.
I saw iframe created by the lib is
<iframe allowfullscreen="true" scrolling="no" width="100%" height="100%" src="/bula/bula/bula/embedded-content.html?is_stereo=false&is_vr_off=true&is_autopan_off=false&video=/somepath/360testvideo.mp4" style="border: 0px;"></iframe>
I saw the request to /bula/bula/bula/embedded-content.html is still not with Authorization header.
In embed.js, adaptive-player.js, sphere-renderer.js I noticed that the crossorigin property is set to be anonymous which means there will be no exchange of user credentials via cookies, client-side SSL certificates or HTTP authentication as described in the Terminology section of the CORS specification.
What's the purpose of making this to be anonymous?
Current I am using vrview js to load the url of a video where the url is protected by the Basic Auth. E.g the page is www.example.com/page then the video is www.example.com/assets/video.mp4. Then when I hit the www.example.com/page in the browser, it asks for basic auth, then I input the user name and password, then the page will load while the video is not loading. When I check the request in the network tab of the browser, I can see the request returns a 401 Unauthorized and it's saying no authorization information is passed in.
So I am guessing when the vrview lib is making request to retrieve the video content, somehow it's not passing the basic auth information, basically the header Authorization : Basic 2dsjdslkfsahgasldjflaksjdflasnv .