"Not allowed to load local resource" when redirecting to app:// or file:// URIs

[jayfresh]

Sorry this is a bit of a bad bug report as it's hard to provide sample code, but the use-case is really simple. I have a nw app that loads a HTML page with a link on it with this href:

http://localhost:3000/redirect

That URL is a tiny express app that does the following:

app.get('/redirect', function(req, res) {
  res.redirect('app://myapp/index.html');
});

So what should happen is that clicking the button ends up redirecting back to the index page. Instead what happens is that there is an error:

[36767:0128/000805:INFO:CONSOLE(0)] "Not allowed to load local resource: app://myapp/index.html", source: app://myapp/index.html (0)

I've tried this on nw v0.8.4 and v0.9.0-rc1.

Any help much appreciated, as this is stopping me from setting up an OAuth login.

[FrankFang]

+1
Got "Not allowed to load local resource" when redirecting to app://... in an iframe.

[MichielDeMey]

I currently have the same issue.
Any info on how to fix this?

[gillesdemey]

+1, having the same issue.

What I've tried so far:

• Added the nwfaketop and nwdisable (and any combination of both) attributes to an iframe loading the authentication page.
• Try to inject javascript into the iframe and capture the url response with the oAuth token
• Added the iframe's url to the node-remote attribute in package.json

None of these solutions seem to work, is oAuth authentication via node-webkit even possible?

[rogerwang]

Hello, I'll look to fix this issue in the next version.

[Dshankar]

Is there any update on this? I can't figure out how to implement Github Oauth because it can't redirect to a local app://app/file

[FrankFang]

@Dshankar I hacked this by redirecting to my github pages and watch the changes of window.location.href. A little tricky.

[rogerwang]

With the commit, the problem can be fixed by nw.App.addOriginAccessWhitelistEntry('http://localhost:3000/', 'app', 'myapp', true);

[FrankFang]

👍

[stephan-nordnes-eriksen]

I am having the same "Not allowed to load local resource" issue, except that it is with some of my js.map files in my normal index.html file. Everything else loads fine, but my map-files are not allowed. Can I use the addOriginAccessWhitelistEntry approach? If that is the case, how?

For reference:

Not allowed to load local resource:     
    file:///Applications/MyApp.app/Contents/Resources/app.nw/js/vendor.js.map 
Not allowed to load local resource: 
    file:///Applications/MyApp.app/Contents/Resources/app.nw/js/app.js.map 

[JacopoDaeli]

+1 I have the same problem of @stephan-nordnes-eriksen .

[stephan-nordnes-eriksen]

@JacopoDaeli My solution: compile your javascript stuff in "production mode", and you won't get the .map files (aka. "brunch watch -P" if you use brunch).

[JacopoDaeli]

Thanks @stephan-nordnes-eriksen. Is there a reason about this problem?

[stephan-nordnes-eriksen]

I was not able to find a true solution to it. I think it has to do with security settings, but I was never able to solve it.

[cmarrero01]

I have the same issue with 0.8.6 version of node-webkit, and I cant solve the problem with any recomendation here and other post. I open a new windows with a server page in other domain (like oauth), and I want to redirect to the local page, and the error say: "Not allowed to load local resource!

How I make to solve this?. how I make to apply this example of @rogerwang

nw.App.addOriginAccessWhitelistEntry('http://localhost:3000/', 'app', 'myapp', true);

UPDATE:

I try to do this:
var gui = require('nw.gui');
var win = gui.Window.get();
gui.App.addOriginAccessWhitelistEntry('http://my_ip/', 'app', 'myapp', true);

But I had the next error:

Uncaught TypeError: Object [object Object] has no method 'addOriginAccessWhitelistEntry' 

Thanks

[djMax]

+1 for backporting this to 0.8.6 if possible.