Tresoar: Missing Response Headers and multiple entry points

[sammeltassen]

The Tresoar has published IIIF Manifest and IIIF Image links on the object's landing page, see eg:

• http://collections.tresoar.nl/digital/collection/trlkaarten22/id/1496/rec/3

The site runs on ContentDM but both URLs have been proxied, cf:

• IIIF Manifest:
  • http://collections.tresoar.nl/iiif/2/trlkaarten22:1496/manifest.json
  • https://cdm21056.contentdm.oclc.org/iiif/2/trlkaarten22:1496/manifest.json
• IIIF Image:
  • http://collections.tresoar.nl/digital/iiif/trlkaarten22/1496/info.json
  • https://cdm21056.contentdm.oclc.org/iiif/2/trlkaarten22:1496/info.json

The IDs of the IIF Manifests and info.jsons are those from ContentDM. The content of the manifests is the same. The info.jsons differ: profile level is different, and specifications are missing in the Tresoar version.

Main issue (other than the duplicate files):

• The Tresoar versions cannot be fetched due to missing CORS headers or lack of server response (?)

Response on test-cors.org for the Tresoar Manifest and info.json:

Fired XHR event: loadstart
Fired XHR event: readystatechange
Fired XHR event: error
XHR status: 0
XHR status text: 
Fired XHR event: loadend

From the IIIF Presentation API 2.1.1 documentation:

The HTTP server should, if at all possible, send the Cross Origin Access Control header (often called “CORS”) to allow clients to download the manifests via AJAX from remote sites. The header name is Access-Control-Allow-Origin and the value of the header should be *.

And IIIF Image API 2.0 documentation:

Servers should send the Access-Control-Allow-Origin header with the value * in response to information requests. The syntax is shown below and is described in the CORS specification. This header is required in order to allow the JSON responses to be used by Web applications hosted on different servers.