fix: allow foreign origins to display pdfs

datacamp-engineering · Jul 3, 2020 · 2fa4097 · 2fa4097
1 parent fe3df49
commit 2fa4097
Show file tree

Hide file tree

Showing 2 changed files with 34 additions and 33 deletions.
diff --git a/.nvmrc b/.nvmrc
@@ -0,0 +1 @@
+v12.18.2
diff --git a/web/app.js b/web/app.js
@@ -1818,40 +1818,40 @@ const PDFViewerApplication = {
 
 let validateFileURL;
 if (typeof PDFJSDev === "undefined" || PDFJSDev.test("GENERIC")) {
-  const HOSTED_VIEWER_ORIGINS = [
-    "null",
-    "http://mozilla.github.io",
-    "https://mozilla.github.io",
-  ];
+  // const HOSTED_VIEWER_ORIGINS = [
+  //   "null",
+  //   "http://mozilla.github.io",
+  //   "https://mozilla.github.io",
+  // ];
   validateFileURL = function (file) {
-    if (file === undefined) {
-      return;
-    }
-    try {
-      const viewerOrigin = new URL(window.location.href).origin || "null";
-      if (HOSTED_VIEWER_ORIGINS.includes(viewerOrigin)) {
-        // Hosted or local viewer, allow for any file locations
-        return;
-      }
-      const { origin, protocol } = new URL(file, window.location.href);
-      // Removing of the following line will not guarantee that the viewer will
-      // start accepting URLs from foreign origin -- CORS headers on the remote
-      // server must be properly configured.
-      // IE10 / IE11 does not include an origin in `blob:`-URLs. So don't block
-      // any blob:-URL. The browser's same-origin policy will block requests to
-      // blob:-URLs from other origins, so this is safe.
-      if (origin !== viewerOrigin && protocol !== "blob:") {
-        throw new Error("file origin does not match viewer's");
-      }
-    } catch (ex) {
-      const message = ex && ex.message;
-      PDFViewerApplication.l10n
-        .get("loading_error", null, "An error occurred while loading the PDF.")
-        .then(loadingErrorMessage => {
-          PDFViewerApplication.error(loadingErrorMessage, { message });
-        });
-      throw ex;
-    }
+    // if (file === undefined) {
+    //   return;
+    // }
+    // try {
+    //   const viewerOrigin = new URL(window.location.href).origin || "null";
+    //   if (HOSTED_VIEWER_ORIGINS.includes(viewerOrigin)) {
+    //     // Hosted or local viewer, allow for any file locations
+    //     return;
+    //   }
+    //   const { origin, protocol } = new URL(file, window.location.href);
+    //   // Removing of the following line will not guarantee that the viewer will
+    //   // start accepting URLs from foreign origin -- CORS headers on the remote
+    //   // server must be properly configured.
+    //   // IE10 / IE11 does not include an origin in `blob:`-URLs. So don't block
+    //   // any blob:-URL. The browser's same-origin policy will block requests to
+    //   // blob:-URLs from other origins, so this is safe.
+    //   if (origin !== viewerOrigin && protocol !== "blob:") {
+    //     throw new Error("file origin does not match viewer's");
+    //   }
+    // } catch (ex) {
+    //   const message = ex && ex.message;
+    //   PDFViewerApplication.l10n
+    //     .get("loading_error", null, "An error occurred while loading the PDF.")
+    //     .then(loadingErrorMessage => {
+    //       PDFViewerApplication.error(loadingErrorMessage, { message });
+    //     });
+    //   throw ex;
+    // }
   };
 }