Omeka S on Cloudron as host for embedded exhibits - CORS

GeHo

We are using Omeka S on Cloudron as an host for several online exhibitions.

Because something like https://omeka.<cloudron>.<tld>/s/<my-exhibit> is not a very nice and memorable URL, we would like to embed these exhibits in our primary website to get URLs like https://www.<museum>.<tld>/virtual-exhibits/<my-exhibit>.

We configured our nginx to handle these URLs and to get the content from Omeka, but we ran into a Cross-Origin Resource Sharing (CORS) issue. Searching the forum i found several entries regarding to CORS (e.g. Bug: CORS error), but there doesn't seem to be a consistent solution. In https://forum.cloudron.io/post/64706 @girish gives a quick workaround, but this is not consistent.

As this issue wasn't addressed in the specific forum and time goes by, i wonder if someone knows a solution for the scenario above. I'm pretty sure I am not the only one with this requirement.

girish

@GeHo If I understood your setup correctly, you configured nginx to translate www.<museum>.<tld> calls to your omeka.<cloudron>.<tld> ? If this is the case, then there shouldn't be any CORS issue. CORS issue is hit when the browser makes requests directly to omeka when you visit your main site and thus bypassing your nginx. Why do you think this is a CORS issue?

nebulon

Also how is the embedding happening on the main site? Are you adding an iframe or is there some other way with omeka-s to integrate?

jeau

@GeHo I understand that your main site is not an Omeka installation and that you attempt to integrate each exhibit with an iframe as @nebulon suggests. Is this the case? The CORS issue could come from this approach.

I can suggest a solution for URLs. You can rename your Omeka site from https://omeka.<cloudron>.<tld> to https://virtual-exhibits.<museum>.<tld> or you can configure a web redirection from https://omeka.<cloudron>.<tld> to https://virtual-exhibits.<museum>.<tld>. Then configure the rewriting of the right-hand part of the URL by using Omeka-S-module-CleanUrl or by inserting rewriting rules in the .htaccess file at the root of your Omeka installation. You can modify the .htaccess file.

To integrate an Omeka exhibit into a site. I've tested it and it seems to work.

• one of my Omeka exhibits: https://horae-pictavenses.fr/s/hp/page/accueil
• within an iframe: https://tools.mexina.fr/iframe/
• an experimental exhibit that uses external IIIF references: https://graffitheque.eu/s/site/page/welcome
• within an iframe: https://tools.mexina.fr/iframe/graf.html

GeHo

@jeau Thanks for the suggestions, and sorry for replying this late. However: Happy New Year!

I don't think that using iFrames to embed an omeka exhibition is very convenient for the user, because he loses the ability to refer to or set a bookmark for a specific page.

GeHo

@girish

Why do you think this is a CORS issue?

Because the HTML itself delievered by Omeka loads scripts, images, css etc. from the domain of origin. This causes the CORS issues.

girish

@GeHo said in Omeka S on Cloudron as host for embedded exhibits - CORS:

Because the HTML itself delievered by Omeka loads scripts, images, css etc. from the domain of origin. This causes the CORS issues.

aren't all these covered by same origin policy exceptions ? https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#cross-origin_network_access