X
Thinta lapha ukuze uye kuveshini yamakhalekhukhwini kusayithi.

Isithangami Sabeseki

Use offline 360 virtual tour

Kuphostiwe

Until the most recent update to firefox I used firefox to view 360 virtual tours offline on MAC and WINDOWS.

I updated firefox and now all I get is a black space where the 360 is supposed to be.

This is what the tour is supposed to look like: https://www.bigdutchmanusa.com/tours/broiler-breeder/

The attached is what comes up with the new version of firefox.

I have many clients who use these tours offline with firefox and I need to know how to fix this ASAP please.

Until the most recent update to firefox I used firefox to view 360 virtual tours offline on MAC and WINDOWS. I updated firefox and now all I get is a black space where the 360 is supposed to be. This is what the tour is supposed to look like: https://www.bigdutchmanusa.com/tours/broiler-breeder/ The attached is what comes up with the new version of firefox. I have many clients who use these tours offline with firefox and I need to know how to fix this ASAP please.
Ama-screenshot ananyekiwe
Isicaphuno

Eminye Imininingwane Yohlelo

Isisebenziso

  • I-ejenti Engumsebenzisi: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.14; rv:68.0) Gecko/20100101 Firefox/68.0

Eminye Imininingwane

Umnikazi wombuzo

Here's the HTML files in case you want to test it LINK

Here's the HTML files in case you want to test it [https://www.dropbox.com/s/ebfa2qk4jj5519m/Broiler%20and%20Breeder%20HTML.zip?dl=0 LINK]
Ingabe lokhu kube usizo kuwena?
Isicaphuno
jscher2000
  • Top 10 Contributor
8569 izisombululo 70085 izimpendulo
Kuphostiwe

Hi Tony, I have a theory.

Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and loading methods) when you open them from a file:// URL. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit.

Since you are setting up the object with a script, that may be subjected to higher restrictions than predefined objects.

Confirming the Theory

You can check for messages in Firefox's Web Console, part of the developer tools you can open in the lower part of the tab. Either:

  • "3-bar" menu button > Web Developer > Web Console
  • (menu bar) Tools > Web Developer > Web Console
  • (Windows) Ctrl+Shift+k

Then reload the page in the upper part of the tab and watch for new messages. In particular, anything similar to the following is an important clue:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///<your URL> (Reason: CORS request not http).

Related article: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp

Workaround

You can roll back the patch as follows:

(1) In a new tab, type or paste about:config in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk.

(2) In the search box above the list, type or paste uniq and pause while the list is filtered

(3) Double-click the privacy.file_unique_origin preference to switch the value from true to false

To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.

Hi Tony, I have a theory. Firefox 68 contains a security patch which restricts the kinds of files that pages can load (and loading methods) when you open them '''from a file:// URL'''. This change was made to prevent exfiltration of valuable data within reach of a local page, as demonstrated in an available exploit. Since you are setting up the object with a script, that may be subjected to higher restrictions than predefined objects. '''''Confirming the Theory''''' You can check for messages in Firefox's Web Console, part of the developer tools you can open in the lower part of the tab. Either: * "3-bar" menu button > Web Developer > Web Console * (menu bar) Tools > Web Developer > Web Console * (Windows) Ctrl+Shift+k Then reload the page in the upper part of the tab and watch for new messages. In particular, anything similar to the following is an important clue: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///<your URL> (Reason: CORS request not http). Related article: https://developer.mozilla.org/docs/Web/HTTP/CORS/Errors/CORSRequestNotHttp '''''Workaround''''' You can roll back the patch as follows: (1) In a new tab, type or paste '''about:config''' in the address bar and press Enter/Return. Click the button promising to be careful or accepting the risk. (2) In the search box above the list, type or paste '''uniq''' and pause while the list is filtered (3) Double-click the '''privacy.file_unique_origin''' preference to switch the value from true to false To mitigate the vulnerability: If you save pages from untrusted sites in a separate folder, e.g., Downloads\Untrusted, then it would be difficult for an attacker to find any valuable content using local file links.
Ingabe lokhu kube usizo kuwena?
Isicaphuno

Umnikazi wombuzo

Thank you very much for your reply.

My main issue is this....

My clients need to be able to play these tours offline, and they aren't going to know how, or want to do any special config's to make them work, so it's my job now to figure out how to make firefox work again... :-(

Attached are the alerts I'm getting.

Thank you very much for your reply. My main issue is this.... My clients need to be able to play these tours offline, and they aren't going to know how, or want to do any special config's to make them work, so it's my job now to figure out how to make firefox work again... :-( Attached are the alerts I'm getting.
Ingabe lokhu kube usizo kuwena?
Isicaphuno
jscher2000
  • Top 10 Contributor
8569 izisombululo 70085 izimpendulo
Kuphostiwe

Unfortunately, those messages don't provide specific enough information. These are the messages I get:

(1) Fonts not loading

Many like this:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///C:/<redacted>/Broiler%20and%20Breeder%20HTML/fonts/Oswald-RegularItalic.ttf

(2) WebGL texture not loading

Error: WebGL warning: texImage2D: Cross-origin elements require CORS.

These CORS (cross-origin) errors are due to the security patch in Firefox 68.


If I make the about:config preference change I mentioned before and reload the page (Ctrl+r), then I get warehouses.

I realize this is inconvenient for your clients to have to change a setting, but obviously you can blame it on Firefox fixing a security issue.


I thought I would compare in Chrome, and I get a popup that says "This virtual tour cannot be played from a local drive. Please upload it to the internet and try again."

I don't know whether that is due to my configuration, or something built-in to the library you're using.

Unfortunately, those messages don't provide specific enough information. These are the messages I get: (1) Fonts not loading Many like this: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at file:///C:/<redacted>/Broiler%20and%20Breeder%20HTML/fonts/Oswald-RegularItalic.ttf (2) WebGL texture not loading Error: WebGL warning: texImage2D: Cross-origin elements require CORS. These CORS (cross-origin) errors are due to the security patch in Firefox 68. ---- If I make the about:config preference change I mentioned before and reload the page (Ctrl+r), then I get warehouses. I realize this is inconvenient for your clients to have to change a setting, but obviously you can blame it on Firefox fixing a security issue. ---- I thought I would compare in Chrome, and I get a popup that says "This virtual tour cannot be played from a local drive. Please upload it to the internet and try again." I don't know whether that is due to my configuration, or something built-in to the library you're using.
Ingabe lokhu kube usizo kuwena?
Isicaphuno

Umnikazi wombuzo

Thanks again.

FireFox has been the only browser that would let me play the tours offline, but I guess I now need to find a different solution.

I appreciate your help.

Thanks again. FireFox has been the only browser that would let me play the tours offline, but I guess I now need to find a different solution. I appreciate your help.
Ingabe lokhu kube usizo kuwena?
Isicaphuno
Buza umbuzo

Kufanele ulogele ukungena ku-akhawunti yakho ukuze uphendule amaphosti. Uyacelwauqale umbuzo omusha, uma ungekabi nayo i-akhawunti namanje.