Q: My WebViewer is hosted on a different server/domain as my xod document files.
How can I get around the cross-domain scripting errors when using the HTML5 WebViewer? (CORS? JSONP?)
1. Use iframes to prevent cross-domain requests
-Host your xod documents and the WebViewer on the same host. (Since the WebViewer is making requests to a resource on the same server, no cross-domain issue here)
-Your application will use the WebViewer in an iframe.
*This is the technique that our
Cloud API uses: our server generates a URL to a hosted web document, users can then embed the URL in their own web page in an iframe.
2. Enable CORS support on your storage server
-The WebViewer uses CORS by default when the xod files are hosted on a different domain. You do not need to make any changes to or configure the WebViewer.
3. Using your application server as a proxy
-Host the WebViewer on your application server, and fetch the XOD data from the same server
-your application server would relay the requested data from the storage server to the client
-this way means extra bandwidth used on your server.
As for JSONP... Our WebViewer uses byte range requests to fetch parts from XOD file when needed. This allows us to display the document immediately (without waiting for the whole XOD document to be downloaded). Using JSONP as is would require the whole file to be downloaded before it can be displayed, therefore, we do not support it.