Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[orion-dev] Questions about "orion.edit.editor"


We are experimenting with the "orion.edit.editor" extension point, and encountered several authentication and cross-origin-resource-sharing (CORS) problems.

We installed Pixlr ( on OrionHub. When opening a PNG file, the editor couldn't be loaded: The text "Loading content from plugin…" is the only thing we can see.

There are mainly two aspects of plugged-in editors that we don't understand.

  1. Authentication. We saw that an authentication plugin (built-authenticationPlugin.js) was contacted, and a login was successful. But this successful login appeared not to contribute anything for the Pixlr editor to fetch the content from OrionHub. Actually we didn't see anything in traffic that Pixlr ever contacted OrionHub for the content. Can somebody help us understand how Orion delivers protected content to a foreign editor?
  2. CORS. As OrionHub and Pixlr are on the different server, there should be a problem when they try to fetch content from each other. There are several ways to work around the restriction. For instance, write a server-side script at the editor side to respond with a special header entry "Access-Control-Allow-Origin". But we want to know how Orion handles this situation, because we want to stay 100% compliant when we develop an Orion plugin.
Thanks for your help.

Best regards,

Back to the top