These are chat archives for openseadragon/openseadragon

Apr 2017
Apr 28 2017 09:19

@iangilman I finally found the error after 3 days of troubleshooting! #1055 works correctly, the fault was in how ajax works with authentication. Before it sends the GET request it sends an OPTIONS request and according to specs all headers and authentication will be stripped from the OPTIONS (preflight) request, thus invoking 401 (unauthorized).

I found this guide It said I could add this to the server (or .htaccess) in order to respond OK for OPTION:
RewriteRule ^(.*)$ $1 [R=200,L]

That didn't work. I finally found this solution for .htaccess:

<LimitExcept OPTIONS>
Require valid-user

Now OSD custom tile source works with CORS and .htaccess authentication!

Apache Server config for virtual host:
Header always set Access-Control-Allow-Origin ""
Header always set Access-Control-Max-Age "1000"
Header always set Access-Control-Allow-Credentials "true"
Header always set Access-Control-Allow-Headers "X-Requested-With, Content-Type, Origin, Authorization, Accept"
Header always set Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"

OSD viewer config:
loadTilesWithAjax: true,
ajaxHeaders: {
'Authorization': 'Basic ' + btoa('username:password')

Illya Moskvin
Apr 28 2017 14:11
@iangilman I might have found a worthy addition to the "OSD in the Wild" page:
Ian Gilman
Apr 28 2017 16:29
@Joohansson Wow, bravo on getting to the bottom of it! Is there something we can do to improve #1055 so it's not such an issue? Like what if we don't send the OPTIONS request in the first place?
@Joohansson Either way, would you mind adding your findings to the thread in #1055? It would be good to have it captured there
Ian Gilman
Apr 28 2017 16:35
@IllyaMoskvin Holy cow! That's amazing! Definitely worthy :)
Ian Gilman
Apr 28 2017 16:46
@Joohansson Looks like you're ahead of me... just noticed you already added your findings to the thread... thank you! :)
@IllyaMoskvin I've tweeted it from the OSD account and added it to this thread: openseadragon/site-build#159 Looks like we're overdue for adding a bunch of items to "In the Wild". I'll see about getting around to it, but if anyone else wants to, that's great too :)