+ Start a Discussion
Douglas MolinaDouglas Molina 

Can`t access RichText images with PHP toolkit/soapclient (CORS Error)

Hi. In my Salesforce Org I have a custom object with some fields, including a RichText field (“Icone__c”), where I store a single image inside.
I'm trying to retrieve some records from this object to my website (out from Salesforce), using the PHP toolkit 20.0 (soapclient).
I'm able to connect, query and get these records with PHP, but, the problem: I cannot see the image from Richtext field, because a CORS error.
The RichText content comes, but the image resource doesn’t load, so it generate kind of a broken src.
Even if a copy and paste the image link in a new tab, it goes to the login page, instead showing it.
The interesting thing is, IF I'm already logged in on Salesforce, the images appear normally.

Follow some more details:
 - My user (with I use to log in with PHP) has system administrator profile, with all privileges on
 - The object is checked to be accessed by the api
 - The object standard access is public to internal and partners users
 - The richtext field is available to read/write to all users
 - The WSDL file was generated after all object customizations
 - I'm using the enterprise WSDL version
 - The website uses a SSL connection (https)
 - The website domain is add to the Salesforce CORS whitelist (with "https")

Follow the PHP code:
    ini_set("soap.wsdl_cache_enabled", "1");
    $wsdl = './soapclient/enterprise.wsdl.xml';
    $userName = "MyUser@Company.com";
    $password = "MyPassworkAndMyToken";
    $mySforceConnection = new SforceEnterpriseClient();
    $mySoapClient = $mySforceConnection->createConnection($wsdl);
    $mylogin = $mySforceConnection->login($userName, $password);
    $query = "
        SELECT   Id, Name, Icone__c
        FROM     MktMarca__c
        ORDER BY Name ASC
    $response = $mySforceConnection->query($query);
    foreach ($response->records as $record){
A comparation image:
The left side: When I Log in Salesforce before run the above PHP code, it works.
The right side: When I execute a new/clean browse instance, ignoring any previous Log in. 
User-added image
The browser console error:
Cross-Origin Read Blocking (CORB) blocked cross-origin response <URL> with MIME type text/html. See <URL> for more details.
getRecord.php:1 Cross-Origin Read Blocking (CORB) blocked cross-origin response https://Company.my.salesforce.com/content/session?url=https%3A%2F%2FCompany--c.na49.content.force.com%2Fservlet%2FrtaImage%3Feid%3Da1S5A00000xFQCc%26feoid%3D00N5A00000HMLrN%26refid%3D0EM5A000000x2Dy with MIME type text/html. See https://www.chromestatus.com/feature/5629709824032768 for more details.
The resource Status-Code:
302 Moved Temporarily
What could be wrong?