Use offline 360 virtual tour
Until the most recent update to firefox I used firefox to view 360 virtual tours offline on MAC and WINDOWS.
I updated firefox and now all I get is a black space where the 360 is supposed to be.
This is what the tour is supposed to look like: https://www.bigdutchmanusa.com/tours/broiler-breeder/
The attached is what comes up with the new version of firefox.
I have many clients who use these tours offline with firefox and I need to know how to fix this ASAP please.
Tuilleadh mionsonraí faoin chóras
- User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0
Úinéir na ceiste
Here's the HTML files in case you want to test it LINK
Hi Tony, I have a theory.
Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and loading methods) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit.
Since you are setting up the object with a script, that may be subjected to higher restrictions than predefined objects.
Confirming the Theory
You can check for messages in Firefox's Web Console, part of the developer tools you can open in the lower part of the tab. Either:
- "3-bar" menu button > Web Developer > Web Console
- (menu bar) Tools > Web Developer > Web Console
- (Windows) Ctrl+Shift+k
Then reload the page in the upper part of the tab and watch for new messages. In particular, anything similar to the following is an important clue:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///<your URL> (Reason: CORS request not http).
You can roll back the patch as follows:
(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.
(2) In the search box above the list, type or paste uniq and pause while the list is filtered
(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false
To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.
Úinéir na ceiste
Thank you very much for your reply.
My main issue is this....
My clients need to be able to play these tours offline, and they aren't going to know how, or want to do any special config's to make them work, so it's my job now to figure out how to make firefox work again... :-(
Attached are the alerts I'm getting.
Unfortunately, those messages don't provide specific enough information. These are the messages I get:
(1) Fonts not loading
Many like this:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///C:/<redacted>/Broiler%20and%20Breeder%20HTML/fonts/Oswald-RegularItalic.ttf
(2) WebGL texture not loading
Error: WebGL warning: texImage2D: Cross-origin elements require CORS.
These CORS (cross-origin) errors are due to the security patch in Firefox 68.
If I make the about:config preference change I mentioned before and reload the page (Ctrl+r), then I get warehouses.
I realize this is inconvenient for your clients to have to change a setting, but obviously you can blame it on Firefox fixing a security issue.
I thought I would compare in Chrome, and I get a popup that says "This virtual tour cannot be played from a local drive. Please upload it to the internet and try again."
I don't know whether that is due to my configuration, or something built-in to the library you're using.
Úinéir na ceiste
FireFox has been the only browser that would let me play the tours offline, but I guess I now need to find a different solution.
I appreciate your help.