Header Origin not allowed - javascript

I want to bring a web application from PhoneGap to pc browser just because I need to do some tests. Inside the WebApp there are some XMLHttpRequest which fail because the Header origin is null.
I've already tried to run Chrome with this command :
chromium-browser index.html --allow-file-access-from-files
I've got the same error :
Origin file:// is not allowed by Access-Control-Allow-Origin.
I can't understand why with android emulator everything works properly.
Also phonegap loads the local file :
super.loadUrl("file:///android_asset/www/index.html", 1);
More or less I've solved it with this add On for Firefox!
It might be useful for others people :
Firefox add-ons Force CORS

Try using this flag --disable-web-security when launching chromium. Obviously, it's for dev purposes only.

Related

CORS still enforced after disabling Chrome web security?

I'm trying to grab data from one website and use it to write something into another website (using JQuery/Javascript). Understandably, the same origin rules weren't going to let that happen, but I figured disabling web security/CORS on my browser should fix that problem. For some reason, I can't get the policy disabled in Chrome, and I can't figure out why.
I've tried launching Chrome with --disable-web-security --user-data-dir=
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --disable-web-security --user-data-dir="C:\Users\<username>\Desktop\chromeTemp"
I expected to be able to open a new tab, access 'document' in the console, and find a link I want to 'click', but instead I got
VM186:1 Uncaught DOMException: Blocked a frame with origin <url> from accessing a cross-origin frame.
I thought this would no longer be blocked?
Looks like there might be an open bug for this, possibly try an older chrome version.
https://bugs.chromium.org/p/chromium/issues/detail?id=840124
See Last Comment on workaround:
"The workaround is to download an old version of Chrome as a portable app : https://sourceforge.net/projects/portableapps/files/Google%20Chrome%20Portable/ (version 66.0.3359.181 still works). It's the one I use when I'm developing..."

Chrome SecurityError loading jQuery Mobile page from local file system

I get the following error in Chrome when loading a trivially simple html file with a jQuery Mobile reference. The error is not present with just the jQuery reference.
Uncaught SecurityError: Failed to execute 'replaceState' on 'History':
A history state object with URL 'http://stacksnippets.net/js' cannot
be created in a document with origin 'null'.
<html>
<head>
<script src="https://code.jquery.com/jquery-2.1.4.js"></script>
<script src="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.js"></script>
</head>
<body></body>
</html>
You can also "Run code snippet" and see the error in the console.
This error did not happen before today. I have not changed my code or method of loading the html file in the browser. It used to work perfectly - I use the same code for all my PhoneGap apps.
Does anyone know if there was a Chrome security update that causes this SecurityError or whether I'm missing something? How would you go about debugging this? Thank you.
UPDATE
This discussion I think points out what is going on, which I suspected, since the error does not appear when running with a web server: Origin null is not allowed by Access-Control-Allow-Origin .
But I am still wondering why this changed in the past day, whether Chrome has had a change in their security policy, or why it was working before, and whether any of my PhoneGap apps will be affected.
This error is same as the origin is null error. This error occurs because of the security feature of Chrome.
A simple solution to test the application is to bypass this security on chrome.
Steps:
create a chrome browser shortcut on desktop.
Close all the instances of chrome on your machine.
Right click on the desktop shortcut of chrome and click on Properties.
in Target field, append " -allow-file-access-from-files" at the end.
Save and close properties.
Open chrome via this shortcut only.
Hurry, the error has gone. App works perfectly.
NOTE: This is just a work-around I use to test my cordova apps on desktop browser for UI testing.
Temporary solution: I've commented out all history.replaceState calls in jquery mobile, didn't need to manipulate browser history in my app anyways.
I wonder if it's chrome security bug or model and future behavior.
On a Mac I was able to fix this by running a webserver instead of loading it from a "file://" url:
http://lifehacker.com/start-a-simple-web-server-from-any-directory-on-your-ma-496425450?utm_expid=66866090-49.VYy4WCNHSyuP6EmjnM93MQ.0&utm_referrer=https%3A%2F%2Fwww.google.com%2F
python -m SimpleHTTPServer 8000
In the directory should make it available from Chrome via 0.0.0.0
I don't seem to have the same problem, not on the stable version of Chrome (45) or the Dev version (47).
However, I have personally seen issues with the CORS header, too. If you can cause the problem to happen reliably, I suggest filing a bug at crbug.com and a Chrome developer will have a look at it.

Difference in launching Angular JS application in Chrome and Safari?

Team,
I am working on Angular JS application. When I want to test the app, I used to just launch the application directly into the browser from file system. The url would be like
file:///Users/easwar/AngularApp/index.html
When I need to launch the app in Chrome, I need to open the browser from terminal using the below command
open -a Google\ Chrome --args --disable-web-security -–allow-file-access-from-files
to avoid the below error.
"XMLHttpRequest cannot load , Cross origin requests are
only supported for protocol schemes: http, data, chrome,
chrome-extension, https, chrome-extension-resource."
But surprisingly in Safari the app works fine without doing anything like this.
I would like to find what is the difference between these browser behaviors? Why its working in Safari and its not working in Chrome without a tweak?
In short: google chrome doesn't like local cross calls.
More found here: Cross origin requests are only supported for HTTP but it's not cross-domain .
It's Googles privacy and security policy: they try to avoid as much risks as possible, and local file calling seems to be one of them.
Read more on cross origin requests and how they're handled in Google Chrome here: https://developer.chrome.com/extensions/xhr
If you don't want to use those console commands, you might want to look for a webserver to host it (or a local webserver).

createjs load local files loadqueue

Im have been working on a project with the createjs library and I have used Brackets with Live preview where everything works perfectly, but if I just open the file in a browser I get the following error message in chrome.
XMLHttpRequest cannot load file:///C:/Users/Maskinen/Docuemnts/fail.fail. Cross origin requests are only supported for HTTP.
I have read that if I set loadqueue(false) I wouldnt get problems with loading local files. I therefore thought that when it was working in live preview in brackets everything was fine. Is it possible to run chrome or firefox as Brackets in live preview or similar? The project is part of an assignment and it isnt possible to use a webserver :(
This it what is found by searching around for a bit:
If you launch chrome.exe like this it should work
chrome.exe --args --disable-web-security
When you're done restart chrome without the args and it works like normal again.
Source:
http://robandlauren.com/2013/09/25/cross-origin-ajax-requests-localhost-chrome/
I prefer to be more specific to it and use allow-file-access-from-files flag.
To do that execute chrome with this option:
Windows
cmd
chrome --allow-file-access-from-files
Mac
bash
open /Applications/Google\ Chrome.app --args --allow-file-access-from-files
Even thought this is disabling security protections so be careful with it, and enable it back to browse securely 😀

Chrome create extention to avoid origin file // is not allowed by access-control-allow-origin

I am getting origin file // is not allowed by access-control-allow-origin. chrome
when calling an https//abc.com using xmlHttpRequest().
Works fine in IE10 but not in Chrome. I get the above error in Chrome. Searching online i saw I need to make a packaged extension and mention http://*/ in that file under 'permissions'. How to create this extension and install? Am i missing something, can somebody give a tutorial.
Your solution definitely has nothing to do with creating a chrome extension. What you read with regards to that is only for those actually developing a Chrome extension and will not help you on your site. Read the link given by Satya in the comments. Here it is again:
Cross Domain Requests

Categories

Resources