Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot access client library from a website hosted elsewhere (cross domain requests) #77

Closed
0xnbk opened this issue Mar 5, 2012 · 8 comments
Closed

Cannot access client library from a website hosted elsewhere (cross domain requests) #77

0xnbk opened this issue Mar 5, 2012 · 8 comments

Comments

@0xnbk
Copy link

0xnbk commented Mar 5, 2012

It is not possible to embed a sharejs pad in a website hosted elsewhere. This may be because of the same origin policy.
@josephg
Copy link
Owner

josephg commented Mar 5, 2012

The most recent version of browserchannel in git enables cross-origin requests by default. For now, you can use that. I haven't pushed to npm yet because I'm not entirely comfortable with it. (Obviously, cross-origin requests are a security problem).

@0xnbk
Copy link
Author

0xnbk commented Mar 6, 2012

Great, Let me try it with new version of Browser channel. Thanks for pointing it out :) It would be of great use, if sharejs can be embedded on any web page !

@josephg
Copy link
Owner

josephg commented Mar 6, 2012

I've updated browserchannel to support this behind a flag. Set cors:"*" in the browserchannel server's options. (Ie, browserChannel:{cors:"*"} in your shareJS options object).

(Actually, don't use *. Whatever you put there will be sent as the Access-Control-Allow-Origin header. See this: https://developer.mozilla.org/en/http_access_control )

@josephg josephg closed this as completed Mar 6, 2012
@0xnbk
Copy link
Author

0xnbk commented Mar 8, 2012

Ok thanks, thats working fine now :)

@Jakobud
Copy link

Jakobud commented Jul 1, 2013

Can you explain how to set this up? The Client API page (https://github.com/share/ShareJS/wiki/Client-API) doesn't say anything about how to setup cross origin stuff in the options. I tried this:

var options = {
  origin: "http://my-share-js-server.com:8000",
  browserChannel:{cors:"*"}
}

var connection = sharejs.open('test', 'text', options, function(error, doc) {
  doc.attach_textarea(elem);
});

But I still get:

XMLHttpRequest cannot load http://my-share-js-server.com:8000/test?VER=8&MODE=init&zx=rn7vnzguldwv&t=1. Origin http://www.mywebsite.com is not allowed by Access-Control-Allow-Origin.

I even added this to my .htaccess but it didn't make a difference:

<IfModule mod_headers.c>
  Header set Access-Control-Allow-Origin "*"
</IfModule>

@Jakobud
Copy link

Jakobud commented Jul 1, 2013

Just realized that the browserChannel config option needs to be on the server, duh. This is what I have, still not working:

var connect = require('connect');
var sharejs = require('share').server;

var server = connect(
    connect.logger(),
    connect.static(__dirname + '/public')
);

var options = {
    db: { type: 'none' },
    browserChannel: { cors:"*" }
};

sharejs.attach(server, options);

server.listen(8000, function()
{
    console.log("ShareJS Server started.");
});

This is using ShareJS installed from npm: npm install share@0.6.3

Any help would be appreciated.

@0xnbk
Copy link
Author

0xnbk commented Jul 24, 2013

Try adding browserChannel: { cors:"*" } in bin/options.js. It should work.

@Jakobud
Copy link

Jakobud commented Jul 25, 2013

Fixed here: #228

@thompsonbill thompsonbill mentioned this issue Feb 17, 2014
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@josephg @Jakobud @0xnbk