We are using pdf js express viewer version. We did host the component files from node modules and the config files to one of our CDN servers and to access those files from different origin we need to keep on adding new origins to configorigin.txt file. So my question is, are there any other alternate solutions or way around for this issue.
Which product are you using?
PDF.js Express Version
Detailed description of issue
{Description here}
Expected behaviour
{Provide a screenshot or description of the expected behaviour}
Does your issue happen with every document, or just one?
{Answer here}
Link to document
{Provide a link to the document in question if possible}
Code snippet
{Provide a relevant code snippet}
Hello kishan.senjaliya,
The configorigin.txt is only necessary when loading WebViewer files from another domain, this is to prevent XSS attacks. You can read more here: Config Files for JavaScript PDF Viewer | Apryse documentation since you will be loading JS from other domains.
The only way around that would be to host the files on the same domain, thus resulting in not needing the configorigin.txt
Best regards,
Tyler
Hello
we are trying to load it from different domains and its working perfectly with configorigin.txt. Apart from adding into config origin is there any other way to access config files from different domain?
Hello kishan.senjaliya,
Since the config files are essentially loading code to be run in the iframe context, which can be dangerous, which is why we require the configorigin.txt
Adding another way to bypass the configorigin.txt would be a security vulnerability, allowing actors to run arbitrary javascript.
Best regards,
Tyler
Hello
Yes i get that. Is it possible we can use something like this in configorigin.txt file, so that we dont need to keep on adding new origins.
https://*.pdftron.com