This behavior has been resolved and deployed to the production environment as of 7/23/25.
Description
When a user attempts to preview a content that was shared with them via Direct Share, the preview displays blank and the console shows two error messages:
Access to XMLHttpRequest at 'https://cdn.inst-fs-dub-prod.inscloudgate.net/……' (redirected from 'https://istvanurban.instructure.com/files/652123/download?download_frd=1&verifier=oHMNnaqHJSePW3fkpc...') from origin 'https://common-cartridge-viewer.netlify.app' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.GET https://cdn.inst-fs-dub-prod.inscloudgate.net/..... net::ERR_FAILEDExpected Behavior
Users should be able to preview the content shared with them
Workaround
No workaround exists at this time.
Steps to Reproduce
Prerequisites: two instructor and a course with some content to share
-
As one of the teachers, share the content with the other teacher
-
As the other teacher, attempt to preview the content from the “Shared with Me” tab
Additional Info
LX-2911
Known issues indicate notable behaviors that have been escalated to the Canvas engineering team. Known issues are not a guarantee for an immediate resolution. This document is for informational purposes only and does not replace the Support process. If you are encountering the behavior outlined in this document, please ensure you have submitted a Support case (per your institution's escalation process) so Canvas Support can adequately gauge the overall customer impact and prioritize appropriately.
