Use externally hosted PDFs (Amazon S3, etc)

[andyweiss1982]

I recently ran into a version of this error (https://github.com/mozilla/pdf.js/issues/7153) when trying to use this gem to display PDFs hosted in an Amazon S3 bucket. Originally thought I had a CORS issue but was able to solve it by overwriting /pdfjs_viewer/viewer.js and inserting my development and production urls into the HOSTED_VIEWER_ORIGINS around line 7100.

Would you be open to a pull request, either to add some documentation to the README, or to make HOSTED_VIEWER_ORIGINS dependent on an ENV variable?

[senny]

@andyweiss1982 sure 👍

Edit: Sorry for the long delay.

[rrecurse]

I too have a similar issue with S3 hosted pdf's throwing 403 Access denied errors, even after placing my appropriate URL's in the HOSTED_VIEWER_ORIGINS array.

My issue however is limited to Microsoft Edge browsers, and only Edge. I cannot replicate the issue in Chrome, Firefox, Safari etc.

Has anyone else experienced this? If so, have you a solution?

PDF.js v1.4.20 (build: b15f335) Message: Unexpected server response (403) while retrieving PDF "https://s3.amazonaws.com/myrealbucket/myrealpdf.pdf".

My CORS policy is working for S3 hosted assets such as images, across all browsers, including Edge. This issue seems to be limited to PDF's streamed through pdf.js, via MS Edge only.

My Response headers on Chrome are as follows (works great):

Accept-Ranges:bytes Access-Control-Allow-Credentials:true Access-Control-Allow-Methods:GET, POST, HEAD Access-Control-Allow-Origin:https://www.myrealdomain.com Access-Control-Expose-Headers:Accept-Ranges, Content-Range, Content-Encoding, Content-Length Cache-Control:max-age=31536000 Content-Length:65536 Content-Range:bytes 262144-327679/706927 Content-Type:application/pdf Date:Wed, 06 Jul 2016 20:41:14 GMT ETag:"8612edf919de4c67678e33469673e5e7" Expires:Fri, 12 May 2017 15:41:19 GMT Last-Modified:Thu, 12 May 2016 15:41:20 GMT Server:AmazonS3 Vary:Origin, Access-Control-Request-Headers, Access-Control-Request-Method x-amz-id-2:LfLV8oJ/iS9UrOxbbyz/EfuB/r9LxC0S+1lgMG9fDJ4Ig3OsIkdAPPnJKh1RW00Py7T3a7BiZHk= x-amz-request-id:6D9AF00B3BF4FEXX

While my Response headers on MS Edge are:

Access-Control-Allow-Credentials: true Access-Control-Allow-Methods: GET, POST, HEAD Access-Control-Allow-Origin: https://www.myrealdomain.com Access-Control-Expose-Headers: Accept-Ranges, Content-Range, Content-Encoding, Content-Length Content-Type: application/xml Date: Wed, 06 Jul 2016 20:37:55 GMT Server: AmazonS3 Transfer-Encoding: chunked Vary: Origin, Access-Control-Request-Headers, Access-Control-Request-Method x-amz-id-2: Dv77NpdsZ7ETCLfLZfCbYNlLtg19ZzQWB9UAhJzCoBRjJlXJq7wR5CHt0lyQRVxdQ4Tu62lB8tA= x-amz-request-id: 367E32B636D46BXX

I notice some obvious differences between the two, especially Content-Type (but i suspect it defaults to xml due to 403 restriction).

Any advise would be greatly appreciated.

Thanks in advance!

[fatuhoku]

Any news on this?

[agrass]

Another alternative to solve this is to use 'rack-reverse-proxy' gem. With this gem you can redirect your-domain.com/s3 -> toyour-bucket.s3.aws.com. That could be safer that other alternatives.

[adamaiken89]

'rack-reverse-proxy' gem is a good gem. However, since your file needs to send through your Rack Server, it can take pretty much time to do so.

Thus still would be good if we can configure the origin manually.

[jotolo]

Hi @andyweiss1982 any update on this?