Skip to content

Content-Length header exposed in CORS configuration for remote docs breaks PDF viewer #4530

Closed
@chrisblizm

Description

@chrisblizm

Loading a remote pdf document with the viewer will not succeed if the content-length header is exposed to the browser by the remote server's CORS configuration (if the document is larger than twice the chunk size).

A local apache installation was used to demonstrate this issue with the pdfjs project viewer:
http://mozilla.github.io/pdf.js/web/viewer.html?file=//localhost/pdfjs/PDF32000_2008.PDF

The document used in testing is located here: http://www.adobe.com/content/dam/Adobe/en/devnet/acrobat/pdfs/PDF32000_2008.pdf

If the apache CORS configuration does not provide the 'expose the Content-Length header' instruction (Access-Control-Expose-Headers "content-length, accept-ranges") then the behavior of the viewer is to download the entire document before drawing any pages on the display.

If the configuration is changed to expose those headers (content-length and accept-ranges) then the behavior of the viewer is to abort the initial GET request in favor of creating a new GET specifying ranges, but only an OPTIONS preflight request is sent and response received and no further processing of the remote resource happens with the end result being no document is displayed at all.

This issue affects PDFJS.version = '0.8.1314' (generic build).

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions