0

Hi I am trying to work on a webapp that access both local files and ones over http. The page itself is loaded locally but that makes ajax calls to a web server.

Is there a way to do this without violating the same-origin policy?

I know there are many many ways to disable the same origin policy but I am looking for a legitimate way because I do not want to have to pass in command line flags every time.

Additionally, on Chrome a rather annoying popup message appears every time those flags are passed in.

Is there a way around this?

Community
  • 1
  • 1
Startec
  • 10,304
  • 15
  • 74
  • 131

1 Answers1

8

Do you control the webserver? If so, this is possible with a combination of adding a CORS header and running a local http server.

As you probably know, CORS doesn't support local file:// access. However, if you run a simple http server locally you can serve those very same files over HTTP. CORS will happily support cross-origin HTTP requests from localhost.

First, you would need to serve your local files somehow. There are many simply http webservers for just this purpose. One such method is Python's SimpleHTTPServer. If you have Python installed, you can start a local webserver that serves the current directory by running:

python -m SimpleHTTPServer 8080

Second, you would need to add http://localhost:8080 to the list of Access-Control-Allow-Origin headers on the remote webserver.

Note: Adding localhost to the list of allowed origins for a production server is probably a bad idea. Servers should only bypass a browser's same-origin policy for web pages they trust or for data that is truly public.

Community
  • 1
  • 1
Michael Davis
  • 2,020
  • 2
  • 17
  • 28