Haxe / OpenFL solving CORS error without having access to the server?

Question

I know there are tons of questions regarding CORS policy in HTML5 tag.

All of them are talking about the server side settings that you need to change the access headers in the server settings or put the headers yourself in the php file etc.

But i am loading images using Loader class and i don't have access to that server.

how do i change the :

Access-Control-Allow-Origin to *

i tried pushing the headers with the URL Request :

urlRequest.requestHeaders.push( new URLRequestHeader( 'Access-Control-Allow-Origin', '*' ) );

but no matter what i did :

i get this error :

Complete code snippet:

loader = new Loader();
loader.contentLoaderInfo.addEventListener(Event.COMPLETE, onImageLoadComplete);

var request:URLRequest = new URLRequest();
request.url = "http://www.someserver.com/some_image.jpg";

request.contentType = "image/jpeg"; //tried it didn't make a difference
request.requestHeaders.push( new URLRequestHeader( 'Access-Control-Allow-Origin', '*' ) );

loader.load(request);

Answer 1

In order to enable cross-origin requests, you will need to add the header on the server side. The alternative is to disable web security:

Disable same origin policy in Chrome

There was a window of time on OpenFL 6.3.0 (before 6.4.0 was released) where there was a regression in the default behavior of openfl.net.Loader (in regards to CORS), but this is resolved in OpenFL 6.4.0 or newer.

Answer 2

Is this for development purposes? I only ask because of the 127.0.0.1 URL involved. It looks like you are hosting your game on 127.0.0.1:3000 and requesting a URL at www.___.com/___.jpg, correct?

Not considering OpenFL specifically, one typical solution would be that the server at 127.0.0.1:3000 could have a proxy capability, fetching and serving images from another web server, so that the browser doesn't see the difference.

This wouldn't help you in the real world, but if you're talking about a development environment, perhaps it's be a workaround.