[SOLVED] Crossdomain.xml 'Access-Control-Allow-Origin' on github

Thomas_Due_Nielsen · April 12, 2021, 8:01pm

I got this glb-file on github:

FutureFireplace/playcanvasTest/blob/4fce200d2a0041f66a1c30172f8d4aed1b461e15/Astron.glb

glTF4Ç+LJSON{"asset":{"version":"2.0","generator":"THREE.GLTFExporter"},"scenes":[{"nodes":[1],"name":"Astronaut"}],"scene":0,"nodes":[{"name":"node-0","mesh":0},{"name":"Astronaut.glb","children":[0]}],"bufferViews":[{"buffer":0,"byteOffset":0,"byteLength":57744,"target":34962,"byteStride":12},{"buffer":0,"byteOffset":57744,"byteLength":57744,"target":34962,"byteStride":12},{"buffer":0,"byteOffset":115488,"byteLength":38496,"target":34962,"byteStride":8},{"buffer":0,"byteOffset":153984,"byteLength":9624,"target":34963},{"buffer":0,"byteOffset":163608,"byteLength":2703796}],"buffers":[{"byteLength":2867404}],"accessors":[{"bufferView":0,"componentType":5126,"count":4812,"max":[0.5598490238189697,2.0108470916748047,0.35558950901031494],"min":[-0.5598490238189697,0,-0.36792251467704773],"type":"VEC3"},{"bufferView":1,"componentType":5126,"count":4812,"max":[1,1,1],"min":[-1,-1,-1],"type":"VEC3"},{"bufferView":2,"componentType":5126,"count":4812,"max":[0.9919459819793701,-0.0031419999431818724],"min":[0.007249000016599894,-0.9937999844551086],"type":"VEC2"},{"bufferView":3,"componentType":5123,"count":4812,"max":[4811],"min":[0],"type":"SCALAR"}],"materials":[{"pbrMetallicRoughness":{"baseColorFactor":[0.5,0.5,0.5,1],"metallicFactor":0,"roughnessFactor":0.9699476628648295,"baseColorTexture":{"index":0}},"doubleSided":true,"name":"Astronaut_mat"}],"textures":[{"sampler":0,"source":0}],"samplers":[{"magFilter":9729,"minFilter":9987}],"images":[{"mimeType":"image/png","bufferView":4}],"meshes":[{"primitives":[{"mode":4,"attributes":{"POSITION":0,"NORMAL":1,"TEXCOORD_0":2},"indices":3,"material":0}]}]}  ÌÀ+BIN/<¢FS?¯Ü=ÍÜ<-¯X?Õ!>¡iW?÷®y>/<¢FS?¯Ü=¡iW?÷®y>
ÅQ?óXÓ=(E+>U?.¼Nð%>ôn?6±½i?½(E+>U?.¼i?½8?ÄCX½8õ1>Êß?½5>ïu*>(j?EÔt>B>ÊÝw?eà°=8õ1>Êß?½5>B>ÊÝw?eà°=«>Üô?¡ºÉ=«>Üô?¡ºÉ=B>ÊÝw?eà°=Nð%>ôn?6±½«>Üô?¡ºÉ=Nð%>ôn?6±½(E+>U?.¼8øÁ?Â3Á½òÑ2>·}Ã?><½ë6(>ü¯?Î½8øÁ?Â3Á½ë6(>ü¯?Î½ ¯?/Ö½ ,>Ø¯?
rW>»íB>áÉ?>ÄíÂ?Ñ@t> ,>Ø¯?
rW>ÄíÂ?Ñ@t>Ë®?y>¶hg?¡>Ó.X?·ð>.r=¿EY?>@>¶hg?¡>.r=¿EY?>@>x>Õh?>8õ1>Êß?½5>z?uæ>Ø(i?bõ>8õ1>Êß?½5>Ø(i?bõ>ïu*>(j?EÔt>/<¢FS?¯Ü=
ÅQ?óXÓ=Ø*]?ò½/<¢FS?¯Ü=Ø*]?ò½á\<e¥[?_ìý¼á\<e¥[?_ìý¼Ø*]?ò½i?½á\<e¥[?_ìý¼i?½Nð%>ôn?6±½º»=£æÎ?¢Óó¼òÑ2>·}Ã?><½8øÁ?Â3Á½º»=£æÎ?¢Óó¼8øÁ?Â3Á½tCÎ?âr<½ì>ÂÐ?ßÀä;sdU>"«Î? áM¼òÑ2>·}Ã?><½ì>ÂÐ?ßÀä;òÑ2>·}Ã?><½º»=£æÎ?¢Óó¼Y>È	Ñ?Ë=ãÂY> Ð?;ã[=sdU>"«Î? áM¼Y>È	Ñ?Ë=sdU>"«Î? áM¼ì>ÂÐ?ßÀä;7Ô=ëÉÊ?ýØ$>»íB>áÉ?>ãÂY> Ð?;ã[=7Ô=ëÉÊ?ýØ$>ãÂY> Ð?;ã[=Y>È	Ñ?Ë=7Ô=ëÉÊ?ýØ$>YlÇ?¾-X>ÄíÂ?Ñ@t>7Ô=ëÉÊ?ýØ$>ÄíÂ?Ñ@t>»íB>áÉ?>c*>¿?úzv>?ùÀ¢>z?uæ>c*>¿?úzv>z?uæ>8õ1>Êß?½5>c*>¿?úzv>8õ1>Êß?½5>«>Üô?¡ºÉ=c*>¿?úzv>«>Üô?¡ºÉ=¦t>'?¡=¦t>'?¡=«>Üô?¡ºÉ=(E+>U?.¼¦t>'?¡=(E+>U?.¼9'>À=?8Lô¼9'>À=?8Lô¼(E+>U?.¼8?ÄCX½9'>À=?8Lô¼8?ÄCX½G?x}½ë6(>ü¯?Î½9'>À=?8Lô¼G?x}½ë6(>ü¯?Î½G?x}½ ¯?/Ö½Qød>?fK6=¦t>'?¡=9'>À=?8Lô¼Qød>?fK6=9'>À=?8Lô¼ë6(>ü¯?Î½ ,>Ø¯?
rW>c*>¿?úzv>¦t>'?¡= ,>Ø¯?
rW>¦t>'?¡=Qød>?fK6= ,>Ø¯?
rW>Ë®?y>?ùÀ¢> ,>Ø¯?
rW>?ùÀ¢>c*>¿?úzv>ûËN=^öÔ?«;º»=£æÎ?¢Óó¼tCÎ?âr<½ûËN=^öÔ?«;tCÎ?âr<½¶Ô?½m¦»A´=½:Õ?â.=ì>ÂÐ?ßÀä;º»=£æÎ?¢Óó¼A´=½:Õ?â.=º»=£æÎ?¢Óó¼ûËN=^öÔ?«;!ÉÌ=è¢Ó?Vµ=Y>È	Ñ?Ë=ì>ÂÐ?ßÀä;!ÉÌ=è¢Ó?Vµ=ì>ÂÐ?ßÀä;A´=½:Õ?â.=èO=?Î?qZ >7Ô=ëÉÊ?ýØ$>Y>È	Ñ?Ë=èO=?Î?qZ >Y>È	Ñ?Ë=!ÉÌ=è¢Ó?Vµ=èO=?Î?qZ >ÞÆÊ?<£=>YlÇ?¾-X>èO=?Î?qZ >YlÇ?¾-X>7Ô=ëÉÊ?ýØ$>Ú¬=¨R>° M¼ÏÉ=ß¿Q>Xá½·EÙ=?ï=ã½Ú¬=¨R>° M¼·EÙ=?ï=ã½õ÷²=Ô
ã=ª)I»g¹|>ø=&à×ºÀ_D>Ã»ü=Ó£½ÄBM>ZºZ>À>ª½g¹|>ø=&à×ºÄBM>ZºZ>À>ª½Ï>®g>ªa?¼Ï>®g>ªa?¼k·U>=ee>¯é=P5Z>:ë><=Ï>®g>ªa?¼P5Z>:ë><=g¹|>ø=&à×º°W¨=Æ2}»xÀ=à=ÍwÀ=üL=à=°W¨=Æ2}»ÍwÀ=üL=à=mW¨=üL=Æ2}»õ÷²=Ô
ã=ª)I»_%ß=-x>N=\ªâ=ÅâW>se=õ÷²=Ô
ã=ª)I»\ªâ=ÅâW>se=Ú¬=¨R>° M¼k>üL=Æ2}»>üL=à=×3>à=k>üL=Æ2}»×3>à=±>Æ2}»±>Æ2}»JDP>q ½(|F>üL=(î¸½±>Æ2}»(|F>üL=(î¸½k>üL=Æ2}»mW¨=üL=Æ2}»ý»Þ=üL=E½ý»Þ=q ½mW¨=üL=Æ2}»ý»Þ=q ½°W¨=Æ2}»jw>âV	>×3>à=>üL=à=jw>âV	>>üL=à=¦Ö{>üL=âV	>»H¡=üL=âV	>ÍwÀ=üL=à=xÀ=à=»H¡=üL=âV	>xÀ=à=»H¡=âV	>_%ß=-x>N=P5Z>:ë><=k·U>=ee>¯é=_%ß=-x>N=k·U>=ee>¯é=\ªâ=ÅâW>se=WZÖ=ð¤Õ=âV	>^>áæ=âV	>P5Z>:ë><=WZÖ=ð¤Õ=âV	>P5Z>:ë><=_%ß=-x>N=jw>âV	>»H¡=âV	>xÀ=à=jw>âV	>xÀ=à=×3>à=°W¨=Æ2}»±>Æ2}»×3>à=°W¨=Æ2}»×3>à=xÀ=à=±>Æ2}»°W¨=Æ2}»ý»Þ=q ½±>Æ2}»ý»Þ=q ½JDP>q ½ý»Þ=q ½ý»Þ=üL=E½(|F>üL=(î¸½ý»Þ=q ½(|F>üL=(î¸½JDP>q ½ÏÉ=ß¿Q>Xá½ÄBM>ZºZ>À>ª½À_D>Ã»ü=Ó£½ÏÉ=ß¿Q>Xá½À_D>Ã»ü=Ó£½·EÙ=?ï=ã½×>í><=özW>sÞ>.9>>bJl>*¥>ü4>×>í><=bJl>*¥>ü4>îy>¼v>'<T§=¯ìÖ>nÜ2>IÅ=Ì
>ªdð=bJl>*¥>ü4>T§=¯ìÖ>nÜ2>b

This file has been truncated. show original

And I want to load it here (paste in name and click button) https://playcanv.as/b/OU8X59sj/

this does not work, whereas this file does:

https://modelviewer.dev/shared-assets/models/Astronaut.glb

Is it possible to manage my github profile and or github-path to make it work? [just in case anybody knows]

(ps: I am aware of policy at https://github.com/crossdomain.xml)

yaustar · April 12, 2021, 10:35pm

You have to access the ‘raw’ path.

https://raw.githubusercontent.com/FutureFireplace/playcanvasTest/4fce200d2a0041f66a1c30172f8d4aed1b461e15/Astron.glb

Thomas_Due_Nielsen · April 21, 2021, 9:17am

ok, tried that already - it was just in case you guys knew more, as I am trying to make guidelines for users who can access a/my easy access ‘glb viewer’ (made in PC and uploaded as a shell glb-loader)

yaustar · April 21, 2021, 9:43am

As in it didn’t work?

Seems fine here: https://playcanvas.com/viewer?load=https://raw.githubusercontent.com/FutureFireplace/playcanvasTest/4fce200d2a0041f66a1c30172f8d4aed1b461e15/Astron.glb

Thomas_Due_Nielsen · April 21, 2021, 10:05am

Hmm weird, it did not work yesterday, and now I see it works here at my own link too: https://playcanv.as/b/OU8X59sj/

is there maybe some kind of waiting period on the raw.githubusercontent.com-server?

So yes that astronaut works perfect both places now - here is my draft to a websource for my own enhanced/shell:

“In order to use this viewer, you must upload your glb-file to a website folder, for then to write in this URL in the app’s textfield; “External glb-URL”. Websites can have CORS-policies in order to uphold security standards at different access levels and/or website folder locations. When a user opens your glb-file on this viewer, the security is already high on beforehand, as the data-flow is exerted from-server-to-client. Data is NOT being transferred client-to-server. Make sure that your website or - if higher security is needed - website folder, do not contain CORS policy (a crossdomain.xml-file) that restricts cross-domain access of your uploaded glb-file.”

feel free to add suggestions

yaustar · April 21, 2021, 10:16am

You could also allow users to drag and drop the GLB to page instead needing to upload the file somewhere. This is what we do with the PlayCanvas Viewer (which is open source too)

https://playcanvas.com/viewer

Source: https://github.com/playcanvas/playcanvas-viewer

Thomas_Due_Nielsen · April 21, 2021, 10:29am

ok, yes … I am not novell to the idea of a on-the-spot rendition setup (but, yes great that this is possible).
You might have a suspicion that I am doing a grand structure of different WebGL/PC functions, and within those the palette of sub-applications have to be somewhat unique.

My version of a viewer, can - quite naturally/logically - do things that are more dedicated to specific real-life industry branches. In this case, I want to make use of the 2048 chr long address-bar to build a shareable viewer-link 'window.open(“basedomain”+user_glblink+"?"+user_alterations); ’ (and no, the viewer-app will not be laying on a domain with SQL-access -> eliminating the possibility for SQL-injection).

So I understand that you see the draft above, as making sense security- and CORS-wise?

yaustar · April 21, 2021, 10:30am

It’s a bit verbose and unless the reader already knows about CORs, they are unlikely to know where to best upload a file.