PDF.js Message: file origin does not match viewer's (Amazon S3)

Question

In a Rails app, using the pdfjs_viewer-rails gem (https://github.com/senny/pdfjs_viewer-rails), I keep seeing this error:

PDF.js v1.3.91 (build: d1e83b5)
Message: file origin does not match viewer's

I presume this is because the PDF is hosted on Amazon S3, and I have read through the discussion of CORS here (https://github.com/mozilla/pdf.js/wiki/Frequently-Asked-Questions#faq-xhr). However, I have been unable to assemble a COSR configuration that works.

My current bucket configuration is:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
    <CORSRule>
        <AllowedOrigin>*</AllowedOrigin>
        <AllowedMethod>GET</AllowedMethod>
        <AllowedHeader>Range</AllowedHeader>
        <MaxAgeSeconds>3000</MaxAgeSeconds>
        <ExposeHeader>Accept-Ranges</ExposeHeader>
        <ExposeHeader>Content-Range</ExposeHeader>
        <ExposeHeader>Content-Encoding</ExposeHeader>
        <ExposeHeader>Content-Length</ExposeHeader>
        <AllowedHeader>Authorization</AllowedHeader>
    </CORSRule>
</CORSConfiguration>

and just to be safe, in my rails app I have:

config.action_dispatch.default_headers = {
      'Access-Control-Allow-Origin' => '*',
      'Access-Control-Request-Method' => %w{GET}.join(",")
    }

Has anyone else been able to overcome this? Does anyone know of a CORS policy that works with pdf.js and amazon s3?

Answer 1

In my case the problem was not CORS related. I had to overwrite /pdfjs_viewer/viewer.js and include my development and production urls in the HOSTED_VIEWER_ORIGINS declaration around line 7000.

Answer 2

If you want to bypass spoofing detection, you can use

gem 'pdfjs_viewer-rails', :github => 'MattFenelon/pdfjs_viewer-rails', ref:'615bfd2'