Details
-
Improvement
-
Status: Open
-
Minor
-
Resolution: Unresolved
-
Master
-
None
-
None
-
Mac OS X Yosemite (10.10.5) Chrome 47.0.2526.73
Description
Background
I have been running into issues with a Cordova project of mine where the security settings on Chrome force the browser to run an OPTIONS HTTP request before any POST request is made. When debugging on Android and iOS, I discovered that these OPTIONS requests are not sent before the POST requests.
Problem
I did some research and found that these OPTIONS requests are being sent because of Chrome's same origin policy settings:
http://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome
I used
cordova run browser
to test this and found that after running this command and then running chrome with
open -n -a "Google Chrome" --args --user-data-dir=/tmp/temp_chrome_user_data_dir_for_cordova http://localhost:8000/index.html --disable-web-security
My application worked and the HTTP OPTIONS requests were no longer being sent
Solution
I think that Chrome would more closely replicate the other platforms if we disabled its "Same Origin Policy" security settings using the
--disable-web-security
flag when launching Chrome.
The flag's function is documented below:
http://peter.sh/experiments/chromium-command-line-switches/#disable-web-security
referenced by
https://www.chromium.org/developers/how-tos/run-chromium-with-flags
Pull Request
I see where in the code this can be done and I am wondering if this is worth submitting a pull request for.
src/browser.js Line 93:
Before:
var chromeArgs = ' --user-data-dir=/tmp/' + dataDir;
After:
var chromeArgs = ' --disable-web-security --user-data-dir=/tmp/' + dataDir;