CORS file:// problem POST request


#1

I can not use POST requests on the APP/emulator view due to CORS issues. it works perfectly if I set on the server Access-Control-Allow-Origin: *, but, for security reasons, I won’t use that. On the browser works anyways.

Otherwise, the output is 403:

Cross-Origin Resource Sharing (CORS) Filter: CORS origin denied: file://

I have consulted the well-known article http://blog.ionic.io/handling-cors-issues-in-ionic/ which is great, but it doesn’t help in this case. As well as this great tutorial: http://www.html5rocks.com/en/tutorials/cors/

This is a great reference too:

After tons of attempts on the Front-end, I don’t know what else to do. I would appreciate any help. Thanks.


#2

Are you saying it works in the app and not the browser?

I would try starting the browser with CORS checking disabled (http://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome)

When you start the browser using the details in the SO link above you will get a yellow bar telling you security is disabled and some other stuff (If you don’t get the bar you have not disabled CORS!)- ignore the message and open your website. If the problem goes away it is a CORS problem. If it does not go away then it is a code problem and not related to CORS.

If you run it as an application then you should be okay as your application files are loaded using the file scheme so there is no domain for javascript and you call pull data from anywhere into your app.

CORS is unfortunatly there to protect people from all sorts of nasty security problems that can arise so there is no way to work around it aside from having another server that will host your code and also act a proxy for accesing the other server. With the javascript and data all appearing on the same domain you will be okay. Of course you will be at risk from the very problems the owner of the original server was protecting against by using CORS


#3

Thanks for answering!

I am sorry if I didn’t explain myself well. I meant the other way around, it doesn’t work on the app, that is why I am trying to guess. Because as you well said:

If you run it as an application then you should be okay as your application files are loaded using the file scheme so there is no domain for javascript and you call pull data from anywhere into your app.