This behavior has been resolved and deployed to the production environment as of 7/23/25.
When a user attempts to preview a content that was shared with them via Direct Share, the preview displays blank and the console shows two error messages:
Access to XMLHttpRequest at 'https://cdn.inst-fs-dub-prod.inscloudgate.net/……' (redirected from 'https://istvanurban.instructure.com/files/652123/download?download_frd=1&verifier=oHMNnaqHJSePW3fkpc...') from origin 'https://common-cartridge-viewer.netlify.app' has been blocked by CORS policy: The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'. The credentials mode of requests initiated by the XMLHttpRequest is controlled by the withCredentials attribute.GET https://cdn.inst-fs-dub-prod.inscloudgate.net/..... net::ERR_FAILEDUsers should be able to preview the content shared with them
No workaround exists at this time.
Prerequisites: two instructor and a course with some content to share
As one of the teachers, share the content with the other teacher
As the other teacher, attempt to preview the content from the “Shared with Me” tab
LX-2911
Known issues indicate notable behaviors that have been escalated to the Canvas engineering team. Known issues are not a guarantee for an immediate resolution. This document is for informational purposes only and does not replace the Support process. If you are encountering the behavior outlined in this document, please ensure you have submitted a Support case (per your institution's escalation process) so Canvas Support can adequately gauge the overall customer impact and prioritize appropriately.
To interact with Panda Bot, our automated chatbot, you need to sign up or log in:
Sign in
