We are experimenting with the "orion.edit.editor" extension point, and encountered several authentication and cross-origin-resource-sharing (CORS) problems.
There are mainly two aspects of plugged-in editors that we don't understand.
- Authentication. We saw that an authentication plugin (built-authenticationPlugin.js) was contacted, and a login was successful. But this successful login appeared not to contribute anything for the Pixlr
editor to fetch the content from OrionHub. Actually we didn't see anything in traffic that Pixlr ever contacted OrionHub for the content. Can somebody help us understand how Orion delivers protected content to a foreign editor?
- CORS. As OrionHub and Pixlr are on the different server, there should be a problem when they try to fetch content from each other. There are several ways to work around the restriction. For instance, write a server-side script at the editor side to respond
with a special header entry "Access-Control-Allow-Origin". But we want to know how Orion handles this situation, because we want
to stay 100% compliant when we develop an Orion plugin.
Thanks for your help.