how is authorization done? With a cookie?
access token and cookie.
If this worked before, what has changed?
it worked when this was deployed in a desktop app with a local web server, so no authorization at the time.
If your page has an element whose src is that URI, does it load the image properly?
I don’t have that, but I would say that it won’t since the resource is protected. When we switched to a web environment, all of our API requests are handled via a hook on jquery ajax send to provide the appropriate credentials, hence why I was asking if such a hook is available from GoJS to intercept the call.
I still don’t know enough about your situation to say. You don’t have a problem specifying the URI, do you?
The Picture.source string is passed to an HTMLImageElement as its src property. That Img element is cached and shared by all Pictures that use that Picture.source value. Normally when an Img element does a GET request it will send the appropriate cookie(s), if available.
I do recommend that you make sure you get everything working when you use an HTMLImageElement on the page. In other words, make sure everything works outside of (independent of) your diagram.
Thanks for the help. Found a possible solution here using service workers, but realized that a similar issue had been addressed already before with an unprotected API endpoint for other images.