22 February, 2011

Solve your cross domain issues. Avoid "file://"!

I regularly trip over cross domain security problems [1]. These are even harder to solve if you are developing your HTML-based apps locally and try to run them by simply opening them in the browser via "file://local-path-to-my/app1". When such an app request data from a server, e.g., via xhr [2], the requests Origin header value is set to null.

You can avoid this by using a web server and starting your app from the server via "http://localhost:8080/app1". My projects usually reside in an easy to reach path, e.g., /home/juve/projects/app1 or E:/projects/app1, and I do not want to copy them redundantly to the server, into an awkwardly long sub path. Therefore, I often need to create an additional path mapping to the servers config, pointing to my project's absolute paths.

This is possible for many kinds of web servers. Here's how I did in in my Tomcat 6.0 server.xml. Simply find the <Host> tag and add a <Context> tag:
<Context path="/app1" docbase="E:/projects/app1/">
Restart the server. Your ready to go! Don't waste time exploring "file://"-related cross domain problems. Use "http://localhost" instead!

[1] MDC, HTTP access control
[2] Using XMLHttpRequest

No comments: