HTML files: getting around CORS (cross-origin)

Xyless · August 30, 2018, 6:19pm

I used an older version of CasparCG a few years ago for some graphic outputs for some game streams. I don’t have access to the computer that handled that, but I currently have code that’s not loading due to cross-origin issues, which is common for accessing local files. I’m not sure how I worked around it last time, so I’d like to know if anyone knows of the solution.

The specific code that’s throwing the cross-origin error is this:
xhr.open('GET', "streamcontrol.JSON?test="+cacheBuster,true);

jyeomans · December 11, 2018, 10:35pm

did you figure this out?

i have a project that is giving me the same issue.
for testing i am using a local json file.
on deployment it will be an ajax call.

Norbert · January 13, 2019, 12:05pm

It’s not the CasparCG issue:

security aside, you can simply add header on server side (that’s where your JSON is generated):
Access-Control-Allow-Origin: *

indr · January 20, 2019, 5:24am

Yes, if your webpage is opened via the file:// protocol, any request is cross-origin.

If you really need to load JSON files over the file:// protocol, you have three options:

Disable the browser setting for CORS protection. For example for Firefox this is: security.fileuri.strict_origin_policy in about:config, which I obviously don’t recommend, or
Load your JSON files via JSONP, or
Start a local web server with Python or Node.js to server your files over http://localhost thus not doing cross-origin requests.