Reputation: 419
How to disable CORS on Chrome when using visual studio code and using AMF on Apache Royale
As now my interest goes using Remote Object with Apache Royale to communicate with my server with Amfphp, I struggle with CORS.
My first attempt to use SimpleRemoteObject was an error like this :
Access to XMLHttpRequest at '*http://url_to_your_server/gateway.php*' from origin 'null' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.
As I'm launching my application from local, and using AMF to communicate with my server then CORS block request because the requester origin is localhost and not my server domain.
After some google'ling, I find a solution : launch Chrome with some specifics args. Here is my launch.json file :
{
"configurations": [
{
"type": "chrome",
"request": "launch",
"name": "Launch Chrome",
"url": "${workspaceFolder}/bin/js-debug/index.html",
"runtimeArgs": [
"--disable-web-security"
],
"webRoot": "${workspaceFolder}",
"preLaunchTask": "build"
}
]
}
What do you think of this solution ? Are there other solutions ?
Regards
[updated] Warning : since last version of chrome (march 2020) --disable-web-security doesn't works correctly : PHPSESSID doesn't work anymore because of forbiden cookie save
Upvotes: 3
Views: 10566
Answers (2)
Reputation: 46
Another way to avoid this issue without needing to disable Chrome's web-security is to run a local nginx web server pointing towards your app while simultaneously allowing it to proxy to your back end.
Here is a gutted version of my nginx configuration to give you the basic idea:
http {
server {
listen 80;
location / {
root /path_to_your/bin/js-debug;
try_files $uri $uri/ @backend;
}
location @backend {
proxy_pass http://url_to_your_server:80;
}
}
}
The key to making this work is try_files. It will first try the path you attempt, then try the subsequent paths if the resource can't be found at the first, second, etc.
Example:
Accessing http://localhost/ in the browser will first load the index.html file which will load the Royale app. As your app makes requests to the AMF gateway, e.g. http://localhost/amf, it will try each of the paths set with try_files. It won't find /amf at $uri or $uri/, but will find it at @backend.
This is effectively the same as running the app on the same web server as the back end as suggested by Carlos without requiring you to disable web security.
Upvotes: 1
Reputation: 507
that solution is fine for local testing. In production the royale client will be hosted in the same domain than you AMFPHP backend, so the problem will disappear. In fact, you normally will configuring you application to be tested in localhost serving the royale client, and this will remove that need too.
Upvotes: 0
Related Questions
- How to disable CORS in chrome to work with localhost and third party url on window 11 Chrome
- "access to script from origin 'null' has been blocked by CORS policy" error while trying to launch an html page using an imported js function
- "Access-Control-Allow-Origin" error on VSCode Debug Console but 200OK code at network tab at Chrome DevTools
- How to disable cors in chrome Mac
- Firefox/Chrome devtools mode causes CORS errors with VSCode Debugging
- How to disable CORS for google chrome in android studio emulator?
- Enable CORS at Visual Studio Code
- Permanently enable CORS in Chrome on mac
- Disable OPTIONS requests on localhost with Google Chrome browser?
- CORS Issue in Chrome Developer Extension