Backendless Support
 
Solved

Disable CORS on Files

Hi

I have enabled CORS on my app. Since then i noticed that i cannot download files .i get the error below is there a permission or setting that i may use to allow access to files while keeping domain control active?

{"code":2010,"message":"Wrong domain"}

Leave a Comment

Comments (15)

photo
1

Hi,

Just to make sure we're on the same page. Did you add your domain per the instructions from the following page?

https://backendless.com/documentation/manage/mgmt_cross_origin_requests.htm

Where does the file download request originate from? A browser? Server-side code? If the browser, is the page which downloads a file loaded from the domain allowed for the CORS request?

Regards,

Mark

photo
1

Hi Mark

The file requests come from a browser as i would email the url to a user . So the link would open in a new tab with the backendless url to the file . Domain wise it would be api.backendless.com tried adding that to the domain control with no luck

photo
1

Used the cors guide in the link that you supplied . The domain restriction works and all js requests are limited to the domain but the only issue is getting files .

photo
1

What is your application id?

What is the domain name from which your code is loaded from?

photo
1

Hi Mark

the app id is 3FD54743-9943-C4CE-FF66-BD6DF7BF4E00

  • url
  • This information is shared privately in spoiler and not visible!

photo
1

  1. The file requests come from a browser as i would email the url to a user . So the link would open in a new tab with the backendless url to the file . Domain wise it would be api.backendless.com tried adding that to the domain control with no luck

So you email a link to a file to a user. They click that link and get the error you described?

In that case it makes perfect sense. You restricted access to the files ONLY for the specific domains. It means ONLY the code loaded from the specified domain can fetch the files. If a user clicks the URL in the email. the domain would simply not be there.

photo
1

ok cool i thought there may be a way or permission to allow access to files but but not data queries for cross domain.

photo
1

There is no cross domain (CORS) request when a user clicks a file URL.

photo
photo
1

hi there,

I'm using domain control in my web application. Everything works well, however I have an issue with files. Basically I can't access files when domain control is enabled. The way I use files in JS is to let a user pick an image, then upload a file to backendless using the API: Backendless.Files.upload<Promise<any>> and then from the object I get back, I get the URL from the fileURL property. This file URL property is what I eventually store in backendless as a way to easily retrieve the file to be displayed in JS. However, when domain control is enabled, I am not authorized to display the file. How should I approach this problem?

Thank you for your help

photo
1

Marco,

please provide your application id and curl which you are using to upload the file

photo
1

Thank you Sergey, Application ID: 9088AF67-1648-1726-FF09-A51862BF1A00

As I mentioned I have the URL of the file stored as a property for easy access, so in JS I simply try to display the file based on the URL, file that I previously uploaded using files.upload (backendless APIs), but once I have enabled domain control, I cannot see the files anymore, as I am not authorized. Without domain control, I can see the files.

Marco

photo
1

If you are using browser to execute code do next steps:

1. open browser developer console (alt+cmd+i for mac and F12 for linux)

2. open network panel

3. execute your code

4. find upload request and export it as curl http://take.ms/W6YMd

Provide cUrl here please

photo
1

internal ticket is BKNDLSS-17103

photo
1

We have fixed the issue for the 3.—Ö applications

photo
1

thank you Sergey, I can confirm that I have everything up and running including domain control. Appreciate the fantastic support as usual.

Marco