Domain needed to whitelist. How to do it for a mobile App ? (no domain to provide)

I want to make an IOS app talk with ShapeDiver using the JavaScript API.
ShapeDiver requires a domain to whitelist to get access to the configurator; How to do it for a mobile App ? (no domain to provide)

Embedding domain checking is based on the Origin header sent by web browsers, therefore embedding domains cannot be used as part of a mobile application. You will need instead to enable “Backend access” for your model in the Edit page, and use the backend ticket instead of the embedding ticket.

ah, I see, thanks a lot, Mathieu :slight_smile: I’ll do that

I have tried the same, but did not work.
Throwing error: Model does not allow backend access.

Expectation: Model should load irrespective of domains allowed.

Could you please let me know which ShapeDiver account you are using (user name), which model causes this issue, as well as the context in which you are trying to use the geometry backend API? The backend ticket should not be used in applications that rely on the ShapeDiver viewer or in general run in the web browser.

Hi Mathieu

Shapediver account: ShapeDiver
Tested on this model: ShapeDiver
I guess every model have this issue.

Context: I am building a hybrid mobile app (webviews) and trying to render shapediver viewer.
Since the mobile apps dont have domain, I doubt how will this work? What can be the solution?

In the context of the screenshot of your first message, could you send the content of the “Headers” tab of the network section? Depending on the contents there, we might be able to help you move forward.

Please find the screenshot below regarding headers.

Hello @manojdotwork !

Please use the ticket which is under TICKET FOR DIRECT EMBEDDING in the Embedding tab on the edit page.

Regarding the domains, please add to your domains. This is the domain that is used here (you can see that in the x-shapediver-origin property). You can change your domains in the Embedding tab in your Account Settings.

Let me know if this works for you.

Cheers, Michael

Hi Michael

It will work if i change domain.
But, how will it work in Mobile app (hybrid app) developed on Cordova platform.
It is on html/js/css.

the whole discussion is to make this work for mobile apps, irrespective of domains.

@manojdotwork do you have the ability to debug (view) the network traffic of the webview running in the mobile app? If so, please check the request headers sent, specifically the Origin and X-ShapeDiver-Origin header.

Hi Alexander

yes, I am able to view the headers of webview. Below is the screenshot.

@manojdotwork many thanks. This means we must adapt our platform to allow app://localhost to be added as a domain. This involves several software components and will therefore take a bit of time.

One more question: Your screenshot shows only a limited number of headers. You probably didn’t select the request whose path starts with /api/v2/ticket/.... Please review this.

We will work this by allowing the scheme app for origins in addition to https. We should be able to roll this out somewhen next week. It would still be great if you could check whether you can get a complete picture of the headers sent, to make sure we are actually solving the problem as expected.

Hi @snabela
Thats great news.
Yes, i got the screenshot of request. Please verify.

Response is (this is in Safari, btw)

Hope this helps.

Many thanks! We will let you know once the update has been deployed.

1 Like

@manojdotwork the update has been deployed. Note: You will need to allow the domain localhost.

1 Like

Thank you so much @snabela
I will check it and get back!

Hi @snabela
It should work for any domain correct?
I tried to change domain which is already in allowed list. and its not working.

Not sure what I’m doing wrong. Please help.

@manojdotwork please try again. We had not been allowing the app scheme for CORS requests. This has been fixed and it should work now.