You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Cross-Origin Read Blocking (CORB) the slides.svg files from loading during recording playback[bbb-playback] when the recording contents served through CDNs like S3 Bucket
#243
Open
Kernelogy opened this issue
Jun 23, 2023
· 2 comments
Is there a reason why bbb-record is processing the slides in the recordings for playback in SVG format in the latest versions of BBB.
Because of this reason the bbb-playback is getting Cross-Origin Read Blocking (CORB) for the slides if the recordings are served from CDNs like S3, R2, etc.
Those servers which do not serve recording playback contents with CDNs may not face this issue.
=========================Scenario============================
For Example:
The playback is served from https://somedomain.com/
and the other contents are served from the S3 bucket like this
In the older versions[2.4] of BBB, the bbb-record publishes the slides in the png format and in the BBB version 2.6.9 the slides are published in the svg format.
And due to this the chrome browser is blocking from reading the slide[x].svg data due to CORB during recording-playback, as we are serving the recording files via S3. (Cross Origin)
Below is the chrome console log:
Cross-Origin Read Blocking (CORB) blocked cross-origin response with MIME type binary/octet-stream.
In rare cases, the CORB warning message may indicate a problem on a website, which may disrupt its behavior when certain responses are blocked. For example, a response served with a "X-Content-Type-Options: nosniff" response header and an incorrect "Content-Type" response header may be blocked. This could, for example, block an actual image which is mislabeled as "Content-Type: text/html" and "nosniff." If this occurs and interferes with a page's behavior, we recommend informing the website and requesting that they correct the "Content-Type" header for the response.
So this is what is happening with bbb-playback. All the svg files likes shapes.svg files are loading. Only the slides[x].svg files are not loading.
This is beacause the shapes.svg files contains svg content and they are rendered as/or using svg dom elements.
But the slides[x].svg files are rendered as img dom elements. So there is a mismatch in the Content-Type as stated in the documentation.
And so the X-Content-Type-Options: nosniff is having no effect which is what stated in the documentation.
So I find here the solution to be any of the below stated two:
The bbb-playback source must be modified to render the slides[x].svg as svg dom elements.
Or, the bbb-record module must stick to the older method of processing the slides as png files.
I think the second choice is easier and an immediate fix for loading the CORS contents from S3 buckets, etc and to workaround CORB.
Can anybody help me configure BBB v2..6.9 bbb-record module to export the slides as PNG files.
Thanks & Regards
The text was updated successfully, but these errors were encountered:
bigbluebutton/bigbluebutton#18204 Cross-referencing. Likely we'll merge the two issues into one, just need to check which repo is the preferred one to keep this issue in.
Is there any development regarding this issue. With a little bit of guidance I m able to help with the code part.
We can provide an option for the server admins to choose where to export the slides as PNG or SVG. Such like the recording format, whether to use MP4 or WEBM which is provided in the config file /usr/local/bigbluebutton/core/scripts/presentation.yml
Is there a reason why bbb-record is processing the slides in the recordings for playback in SVG format in the latest versions of BBB.
Because of this reason the bbb-playback is getting Cross-Origin Read Blocking (CORB) for the slides if the recordings are served from CDNs like S3, R2, etc.
Those servers which do not serve recording playback contents with CDNs may not face this issue.
=========================Scenario============================
For Example:
The playback is served from https://somedomain.com/
and the other contents are served from the S3 bucket like this
https://my-bucket.region.amazonaws.com/715f877b8540dc434cc4a5cd212e31d57e03d8d3-1687432336577/cursor.xml
https://my-bucket.region.amazonaws.com/715f877b8540dc434cc4a5cd212e31d57e03d8d3-1687432336577/metadata.xml
https://my-bucket.region.amazonaws.com/715f877b8540dc434cc4a5cd212e31d57e03d8d3-1687432336577/panzooms.xml
https://my-bucket.region.amazonaws.com/715f877b8540dc434cc4a5cd212e31d57e03d8d3-1687432336577/shapes.svg
https://my-bucket.region.amazonaws.com/715f877b8540dc434cc4a5cd212e31d57e03d8d3-1687432336577/tldraw.json
https://my-bucket.region.amazonaws.com/715f877b8540dc434cc4a5cd212e31d57e03d8d3-1687432336577/video/webcams.mp4
.
.
.
All the above files are downloaded and working fine
But the below mentioned slides are not downloading because it get blocked due to CORB.
https://my-bucket.region.amazonaws.com/715f877b8540dc434cc4a5cd212e31d57e03d8d3-1687432336577/presentation/96d102ee35a77aa3849644d3fd39cf3895e73bd4-1687432336628/svgs/slide2.svg
So the slides are left blank with broken images, because it is getting blocked.
In the older versions[2.4] of BBB, the bbb-record publishes the slides in the png format and in the BBB version 2.6.9 the slides are published in the svg format.
And due to this the chrome browser is blocking from reading the slide[x].svg data due to CORB during recording-playback, as we are serving the recording files via S3. (Cross Origin)
Below is the chrome console log:
Cross-Origin Read Blocking (CORB) blocked cross-origin response with MIME type binary/octet-stream.
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://my-bucket.region.amazonaws.com/715f877b8540dc434cc4a5cd212e31d57e03d8d3-1687409533139/presentation/4fe2208ad5e2c599a0b9d2e47d3e8b18199509a5-1687409621996/svgs/slide9.svg with MIME type binary/octet-stream. See https://www.chromestatus.com/feature/5629709824032768 for more details.
According to the link here
In rare cases, the CORB warning message may indicate a problem on a website, which may disrupt its behavior when certain responses are blocked. For example, a response served with a "X-Content-Type-Options: nosniff" response header and an incorrect "Content-Type" response header may be blocked. This could, for example, block an actual image which is mislabeled as "Content-Type: text/html" and "nosniff." If this occurs and interferes with a page's behavior, we recommend informing the website and requesting that they correct the "Content-Type" header for the response.
There is a demo here to understand this.
So this is what is happening with bbb-playback. All the svg files likes shapes.svg files are loading. Only the slides[x].svg files are not loading.
This is beacause the shapes.svg files contains svg content and they are rendered as/or using svg dom elements.
But the slides[x].svg files are rendered as img dom elements. So there is a mismatch in the Content-Type as stated in the documentation.
And so the X-Content-Type-Options: nosniff is having no effect which is what stated in the documentation.
So I find here the solution to be any of the below stated two:
I think the second choice is easier and an immediate fix for loading the CORS contents from S3 buckets, etc and to workaround CORB.
Can anybody help me configure BBB v2..6.9 bbb-record module to export the slides as PNG files.
Thanks & Regards
The text was updated successfully, but these errors were encountered: