PDF Conjurer CORS issue

grgrsmth · May 28, 2024, 2:32pm

Hi Zeroqode team,

I’ve been using the PDF Conjurer plugin for some time, before it was acquired by Zeroqode, but it now seems to be experiencing issues related to the most recent update.

When inserting images into the PDF, users on my app are getting errors like the one in the screengrab below.

I’ve noticed the URL of the image is preceded by https://cors-anywhere-zq.herokuapp.com/, which isn’t true of the image link this is trying to fetch. I’m assuming this is now being added in by the plugin.

The image in question is protected by privacy rules in Bubble, so it’s not available publicly. I expect this is why the ‘CORS anywhere’ service being used is returning a 403 error, because it doesn’t have the permission to access this image.

Is there a way we can opt out of having images processed through the ‘CORS anywhere’ service when they are hidden behind privacy rules?

Many thanks
–Gregor

Daniel.P · May 30, 2024, 8:51pm

Hi Gregor @grgrsmth,

Please accept my apologies for the delayed reply.

I have checked the plugin on our side and could not reproduce the error with images. Please ensure your plugin version is updated to the latest version because the issue was fixed in update 5.4.0 - "Fixed problem with CORS policy."

If you are already on the latest version, please provide us with more setup details so we can reproduce the issue on our side.

Best regards,
Daniel

grgrsmth · June 6, 2024, 9:40am

Hi Daniel,

This is still an issue I’m experiencing, even on the latest version (5.5.0).

What should happen is that an image is inserted into the header of each page of the PDF I’m generating. That image is different depending on the user, but it is always a private image, uploaded by a user to a data type and inheriting the privacy rules of that data type. I’ve put a screenshot below of how that image appears in the file manager of my Bubble app.

The user who is logged in has access to the image, and can see it if they go directly to the URL. However, if a non-logged in user tries to access the image URL, they get this:

This is an intended behaviour of a private image / privacy rules in Bubble. Previous versions of PDF Conjurer didn’t have an issue, because the process ran entirely client-side, so the user generating the PDF had the permissions to view the image.

Now, at the final step of conjuring the PDF, PDF Conjurer spits out an error and fails to generate a PDF. The error in the console is the same as the one in my original post, but I’ve posted it here for clarity.

PDF Conjurer is failing to fetch the image, but instead of simply being the normal URL of the image, https://cors-anywhere-zq.herokuapp.com/ is being added to the start. This happens regardless of the image being selected; if the image is protected behind a privacy rule, an error occurs.

I’m assuming this is because the CORS Anywhere service does not have permission to access the image, since it isn’t available publicly. Can you test your CORS Anywhere service with an image protected by Bubble privacy rules to replicate the issue? and/or can you update the plugin to allow us to opt out of images being processed by the CORS Anywhere service if it is protected by a Bubble privacy rule?

Daniel.P · June 7, 2024, 1:44pm

Hi @grgrsmth,

I wanted to let you know that we’ve replied to your post on the Bubble forum and are currently investigating the issue. We’ll get back to you with more information as soon as possible.

Thank you for your patience!

Best regards,
Daniel.