Plugin breaks cross-origin requests #2

Closed
emgeee opened this Issue Jun 8, 2014 · 6 comments

Projects

None yet

2 participants

@emgeee
emgeee commented Jun 8, 2014

Installing this plugin appears to break cordova apps' ability to make cross origin requests. This appears to be related to how livereload actually works but it might be worth mentioning as a caveat in the docs. Maybe this issue could be mitigated using a CORS proxy?

@sebastien-p
Member

Hi,

Sorry I'm pretty sure you already know about this and that but I have to make sure of it.

If you whitelisted the domain you want to reach and the issue remains, can you provide me with an example so that I can reproduce (and hopefully fix) it?

Thanks.

@emgeee
emgeee commented Jun 10, 2014

Thanks for the response!

I am familiar with CORS and have made sure to whitelist everything ().

The issue can be recreated by simply making a request to a server that does not have CORS enabled:

var req = new XMLHttpRequest();
req.open('get', 'http://a1959.phobos.apple.com/us/r1000/015/Music6/v4/06/13/b4/0613b458-ea82-9cde-6f97-d46ebb8e8f7a/mzaf_7371032596706746859.plus.aac.p.m4a', true);

Add that code somewhere in a test app such that it will get run then try running it with Gapereload enabled and without it (make sure to have the webview debugger hooked up as well). The request should complete just fine without livereload but should fail when livereload is enabled.

When Gapreload is enabled, appears that origin is set to that of the asset server (localhost:8000) instead of the file:// that asset files are usually loaded from.

As I mentioned before, I think you can get around this by running a CORS proxy locally and then modifying the XMLHttpRequest object to automatically proxy all requests (similar to http://stackoverflow.com/questions/629671/how-can-i-intercept-xmlhttprequests-from-a-greasemonkey-script). I think this is the way that ripple (http://ripple.incubator.apache.org/) does it.

There might also be a way that involves native code, but that's out of my area of expertise.

In any case, the plugin is still awesome. I just thought I'd mention this issue here since it doesn't seem obvious and caused me some headache before I finally figured it out.

@sebastien-p
Member

Thank you for all those interesting details. I wasn't aware Cordova/PhoneGap simply relies on Webkit's file protocol trusting for cross origin requests. And you're totally right, GapReload currently redirects the whole app to http://$SERVER_HOST:$SERVER_PORT.

So I guess one could run a proxy or something but maybe allowing people to specify a value like file://my.host as SERVER_HOST (and forget about SERVER_PORT in this case) could be a simpler workaround?

If this solution suits you I can implement and document it as soon as possible.

@emgeee
emgeee commented Jun 10, 2014

Ah yes, I was thinking about something like that but I don't think it'd work for anything but the iOS simulator. Unlike the iOS sim, the android simulator doesn't appear to have access to the local filesystem - the same goes for developing on physical devices.

@sebastien-p
Member

OK, as you can I added a note to the project readme. What do you think I should do now, close the issue or leave it open?

@emgeee
emgeee commented Jun 16, 2014

Looks good, I think you can safely close this issue. It's linked in the readme so hopefully people can find it and read the discussion.

@emgeee emgeee closed this Jun 16, 2014
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment