aframe: CORS error when doing inline URLs

When adding a url as such:

<a-sphere material="src:url(...)"></a-sphere>

I get:

No ‘Access-Control-Allow-Origin’ header is present on the requested resource

Is it possible that inline urls could be made to allow for crossorigin as a property of the material?

Reposted here (in case it is not a bug): https://stackoverflow.com/questions/40955781/cors-inline-material-for-aframe

About this issue

Original URL
State: closed
Created 8 years ago
Comments: 23 (5 by maintainers)

Commits related to this issue

Set crossorigin=anonymous on image assets Allows loading this package's assets from unpkg.com and similar, see https://github.com/aframevr/aframe/issues/2156 — committed to snickell/aframe-material by snickell 7 years ago

Most upvoted comments

I actually DO have CORS setup on my amazon server. It works correctly when the file is added as part of the <a-assets> with crossorigin attribute.

<img id="alibrary" src="https://s3.amazonaws.com/..." crossorigin="anonymous">

The problem is when I try to set the url on the object itself not in a-assets:

<a-image src="url(...)" position="0 0 -2" width="2" height="2"></a-image>

I get the following error:

XMLHttpRequest cannot load https://s3.amazonaws.com… No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin is therefore not allowed access.

+11

msj121 on Jan 26, 2017

Made it work… Make sure you use an uppercase ‘A’ in your imageElement.setAttribute('crossorigin', 'Anonymous'); (not imageElement.setAttribute('crossorigin', 'anonymous');)

Also, I found that if there is a redirect to an AWS bucket in the mix then it wouldn’t work. I had to pre-fetch the resource, get the redirect URL and add that as the img src rather than letting aframe deal with the 302 itself.

maxleonard on Apr 2, 2019

@ngokevin Using the asset management system did not fix the issue.

<a-assets>
        <img id="asset-scene-url" src="{{location.scene_img_url}}">
<a-assets>

  <a-sky ng-click="print()" src="#asset-scene-url"></a-sky>

Where location.scene_img_ur is an s3 asset with CORS enabled. Issue still remains.

FIX can be found above. Add crossorigin=“anonymous” to the img tag within a-assets

alwell-kevin on Jun 8, 2017

Using an <img> in <a-assets> without crossorigin should work since A-Frame will auto-inject that.

I wonder about the inline URL piece though

ngokevin on Mar 29, 2017

I am still getting trouble with this. I can not use both the inline and crossorigin method from an S3 bucket. I have used Aframe React, Vanilla Aframe (mostly a-image), the asset system using <img src=whatever crossorigin="anonymous" />, and I tried to apply a texture to a plane to try and render out my image but I am not succeeding.

joselevelsup on Aug 9, 2018

@codechikbhoka not able to access your solution. could you please resend it? https://gist.github.com/codechikbhoka/3c0135b88ec1fd876377d091a19f92df url is not accessible.

Thanks in advance

SandhiyalalEIC on Apr 3, 2018

what happens is, when you request a resource from a third party, you have to mention the origin tag in the request. Then only that third party will send you response with Access-Control-Allow-Origin header. So to do this in aframe, you should add crossorigin=anonymous in your img item in your a-asset.

This should work:

https://gist.github.com/codechikbhoka/3c0135b88ec1fd876377d091a19f92df

codechikbhoka on Mar 27, 2017

If your request doesn’t specify an Origin header, S3 won’t include the CORS headers in the response.

msj121 on Jan 26, 2017