Uploaded image for project: 'Apache Cordova'
  1. Apache Cordova
  2. CB-10132

Disable Chrome web security when launching the browser

Attach filesAttach ScreenshotAdd voteVotersWatch issueWatchersLinkUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: Master
    • Fix Version/s: None
    • Component/s: cordova-serve
    • Labels:
      None
    • Environment:

      Mac OS X Yosemite (10.10.5) Chrome 47.0.2526.73

      Description

      Background

      I have been running into issues with a Cordova project of mine where the security settings on Chrome force the browser to run an OPTIONS HTTP request before any POST request is made. When debugging on Android and iOS, I discovered that these OPTIONS requests are not sent before the POST requests.

      Problem

      I did some research and found that these OPTIONS requests are being sent because of Chrome's same origin policy settings:

      http://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome

      I used

      cordova run browser

      to test this and found that after running this command and then running chrome with

      open -n -a "Google Chrome" --args --user-data-dir=/tmp/temp_chrome_user_data_dir_for_cordova http://localhost:8000/index.html --disable-web-security

      My application worked and the HTTP OPTIONS requests were no longer being sent

      Solution

      I think that Chrome would more closely replicate the other platforms if we disabled its "Same Origin Policy" security settings using the

      --disable-web-security

      flag when launching Chrome.

      The flag's function is documented below:

      http://peter.sh/experiments/chromium-command-line-switches/#disable-web-security

      referenced by

      https://www.chromium.org/developers/how-tos/run-chromium-with-flags

      Pull Request

      I see where in the code this can be done and I am wondering if this is worth submitting a pull request for.

      src/browser.js Line 93:

      Before:

      var chromeArgs = ' --user-data-dir=/tmp/' + dataDir;

      After:

      var chromeArgs = ' --disable-web-security --user-data-dir=/tmp/' + dataDir;

        Attachments

          Activity

            People

            • Assignee:
              TimBarham Tim Barham
              Reporter:
              mholmes Mark Holmes

              Dates

              • Created:
                Updated:

                Issue deployment