[SOLVED] Crossdomain.xml 'Access-Control-Allow-Origin' on github

I got this glb-file on github:

And I want to load it here (paste in name and click button) https://playcanv.as/b/OU8X59sj/

  • this does not work, whereas this file does:


Is it possible to manage my github profile and or github-path to make it work? [just in case anybody knows]

(ps: I am aware of policy at https://github.com/crossdomain.xml)

You have to access the ‘raw’ path.


ok, tried that already - it was just in case you guys knew more, as I am trying to make guidelines for users who can access a/my easy access ‘glb viewer’ (made in PC and uploaded as a shell glb-loader)

As in it didn’t work?

Seems fine here: https://playcanvas.com/viewer?load=https://raw.githubusercontent.com/FutureFireplace/playcanvasTest/4fce200d2a0041f66a1c30172f8d4aed1b461e15/Astron.glb

Hmm weird, it did not work yesterday, and now I see it works here at my own link too: https://playcanv.as/b/OU8X59sj/

  • is there maybe some kind of waiting period on the raw.githubusercontent.com-server?

So yes that astronaut works perfect both places now - here is my draft to a websource for my own enhanced/shell:

“In order to use this viewer, you must upload your glb-file to a website folder, for then to write in this URL in the app’s textfield; “External glb-URL”. Websites can have CORS-policies in order to uphold security standards at different access levels and/or website folder locations. When a user opens your glb-file on this viewer, the security is already high on beforehand, as the data-flow is exerted from-server-to-client. Data is NOT being transferred client-to-server. Make sure that your website or - if higher security is needed - website folder, do not contain CORS policy (a crossdomain.xml-file) that restricts cross-domain access of your uploaded glb-file.”

  • feel free to add suggestions :slight_smile:

You could also allow users to drag and drop the GLB to page instead needing to upload the file somewhere. This is what we do with the PlayCanvas Viewer (which is open source too)


Source: https://github.com/playcanvas/playcanvas-viewer

ok, yes … I am not novell to the idea of a on-the-spot rendition setup (but, yes great that this is possible).
You might have a suspicion that I am doing a grand structure of different WebGL/PC functions, and within those the palette of sub-applications have to be somewhat unique.

My version of a viewer, can - quite naturally/logically - do things that are more dedicated to specific real-life industry branches. In this case, I want to make use of the 2048 chr long address-bar to build a shareable viewer-link 'window.open(“basedomain”+user_glblink+"?"+user_alterations); ’ (and no, the viewer-app will not be laying on a domain with SQL-access -> eliminating the possibility for SQL-injection).

So I understand that you see the draft above, as making sense security- and CORS-wise?

It’s a bit verbose and unless the reader already knows about CORs, they are unlikely to know where to best upload a file.

1 Like