obsidian-map-view icon indicating copy to clipboard operation
obsidian-map-view copied to clipboard
verified publisher icon esm7

Offline maps break tiles from sites without CORS headers

Open SilverTuxedo opened this issue 8 months ago • 2 comments

Hi! I recently updated the maps view plugin and found out that my map provider, Lima labs, is no longer working. Instead of rendering tiles, it shows "Tile unavailable".

After checking the dev console I was able to see that all of the tile requests are failing due to CORS:

index.html:1 Access to image at 'http://eu.cdn.lima-labs.com/7/34/70.png?api=[redacted]' from origin 'app://obsidian.md' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I was able to trace this back to this line in getBlobFromImageElement:

https://github.com/esm7/obsidian-map-view/blob/57f6414c06d463bdc38a33021e648f9ccff4b06a/src/offlineTiles.svelte.ts#L109

Which forces the server to have the CORS header.

For now, my workaround is to disable Offline Maps > Auto cache in the plugin settings (which downloads the tiles without the CORS limitation).

In order to reproduce this, you can use Lima's demo token and define this map source: http://eu.cdn.lima-labs.com/{z}/{x}/{y}.png?api=demo.

I didn't fully understand why we need to be CORS strict in this request (as the comment above line 109 states). But maybe we can at least show a clearer error if this happens?

Thanks for the awesome plugin 💪

SilverTuxedo avatar Apr 24 '25 19:04 SilverTuxedo

i have encountered the same issue with several tiles providers. i just thought it's a restriction put in place on the providers' end and there is no much we can do. is this something we can get around?

hdlnii avatar Apr 25 '25 17:04 hdlnii

I was aware that some providers don't work well with this mechanism and even put it in the README, but did not consider the possibility that it will affect existing users with existing map sources :(

  1. I should indeed find a way to display a proper error when this happens, as it's not trivial how to catch it.
  2. It was quite a riddle to figure out why specific sources cause a CORS issue with the new mechanism and some don't. I went to great lengths to make it work for those sources too with no success so far. I do have another idea though, and should try it soon!

esm7 avatar Apr 29 '25 07:04 esm7