search

samvera / serverless-iiif

IIIF Image API 2.1 & 3.0 server in an AWS Serverless Application
https://samvera.github.io/serverless-iiif/
Apache License 2.0
69 stars 21 forks source link

Using Serverless IIIF with Cloudfront and Origin Access Control #151

Closed vchettur closed 2 months ago

vchettur commented 2 months ago

I'm using AWS OAC with Cloudfront and serverless-iiif as the origin as this is a security control requirement. It appears that Mirador attempts to directly go to the origin when getting images for the main display area. Thumbnails are retrieved correctly since they go to Cloudfront. All my manifest links are for Cloudfront. This is the same behaviour when testing with the Tify viewer.

If I make the serverless-iiif public everything works as expected. It also works fine when only a single image is requested. Everything works as expected in Universal Viewer.

This points to a problem with the tiled viewer which is probably using info.json. The info.json points to the origin rather than Cloudfront.

Example manifest is: https://d101o9qk760wx4.cloudfront.net/8a5477af-11fd-4e07-bfaa-9a3f036d585b/manifest.json Browser Inspect Tile 2/1_0 failed to load: https://qfsyi5qmdt4whc45ggmarde4gy0ylebg.lambda-url.ca-central-1.on.aws/iiif/3/8a5477af-11fd-4e07-bfaa-9a3f036d585b/e011541682/2048,0,536,1752/134,438/0/default.jpg - error: Image load aborted tiledimage.js:1539:18 Tile 1/0_0 failed to load: https://qfsyi5qmdt4whc45ggmarde4gy0ylebg.lambda-url.ca-central-1.on.aws/iiif/3/8a5477af-11fd-4e07-bfaa-9a3f036d585b/e011541682/full/323,219/0/default.jpg - error: Image load aborted tiledimage.js:1539:18 Tile 2/0_0 failed to load: https://qfsyi5qmdt4whc45ggmarde4gy0ylebg.lambda-url.ca-central-1.on.aws/iiif/3/8a5477af-11fd-4e07-bfaa-9a3f036d585b/e011541682/0,0,2048,1752/512,438/0/default.jpg - error: Image load aborted tiledimage.js:1539:18 Tile 0/0_0 failed to load: https://qfsyi5qmdt4whc45ggmarde4gy0ylebg.lambda-url.ca-central-1.on.aws/iiif/3/8a5477af-11fd-4e07-bfaa-9a3f036d585b/e011541682/full/162,110/0/default.jpg - error: Image load aborted tiledimage.js:1539:18 Tile 1/0_0 failed to load: https://qfsyi5qmdt4whc45ggmarde4gy0ylebg.lambda-url.ca-central-1.on.aws/iiif/3/8a5477af-11fd-4e07-bfaa-9a3f036d585b/e011541683/full/257,172/0/default.jpg - error: Image load aborted tiledimage.js:1539:18 Tile 2/0_0 failed to load: https://qfsyi5qmdt4whc45ggmarde4gy0ylebg.lambda-url.ca-central-1.on.aws/iiif/3/8a5477af-11fd-4e07-bfaa-9a3f036d585b/e011541683/0,0,4096,2744/512,343/0/default.jpg - error: Image load aborted tiledimage.js:1539:18 Tile 2/1_0 failed to load: https://qfsyi5qmdt4whc45ggmarde4gy0ylebg.lambda-url.ca-central-1.on.aws/iiif/3/8a5477af-11fd-4e07-bfaa-9a3f036d585b/e011541683/4096,0,8,2744/1,343/0/default.jpg - error: Image load aborted tiledimage.js:1539:18

mbklein commented 2 months ago

Check the ForceHost setting on your deployment. It will tell the origin what hostname to put in the IIIF info doc that Mirador will use to retrieve the tiles. In your case (based on the manifest), you'd want to set it to d28mepmrs9xsh2.cloudfront.net.

vchettur commented 2 months ago

Thanks, Michael. That worked out very well. I was grappling with this for a couple of days.