Disable the Same Origin Policy / making cross domain XMLHttpRequests in WebKit WebViews?

StackOverflow https://stackoverflow.com/questions/2421224

Question

I would like to disable the same origin policy on XMLHttpRequests in my own embedded WebViews. I have control over the pages loaded / code being executed in the WebView, so I do not care about enforcing the same origin policy. I would like to make cross-domain requests.

I've tried implementing the WebPolicyDelegate and WebResourceLoadDelegate but they do not seem to be called for XMLHttpRequests.

Was it helpful?

Solution 

void WebSettingsImpl::setWebSecurityEnabled(bool enabled)
{
    m_settings->setWebSecurityEnabled(enabled);
}

Hopefully this is what you need! You can send me a message for webkit.

OTHER TIPS

I think you'll struggle to find anyway to do that in a way that is useful to you. Have you considered JSONP instead of XHRs? http://en.wikipedia.org/wiki/JSON

The high-level overview is that JSONP uses the same mechanism for requesting external scripts as you're using above. The difference is that your server will recognise this and will package up the JSON response as the argument to a callback method. When your site receives this 'script', it executes it thereby returning the data directly into your callback method.

If you are able to use a framework like jQuery, most of the client side would be transparently handled for you. In fact, it will use virtually the same methods that you use for XHR (AJAX) requests. Check it out here: http://api.jquery.com/jQuery.getJSON/

You could try adding the Access-Control-Allow-Origin: * header to the server response. I don't think it's supported by all browsers though.

More info: https://developer.mozilla.org/en/HTTP_access_control

I was looking for how to do this on OSX. It turns out WebPreferences has a private method: setWebSecurityEnabled. Set this to false and it should work.

http://trac.webkit.org/browser/trunk/Source/WebKit/mac/WebView/WebPreferences.mm?rev=111350#L1011

So for example:

NSString* noSecurityPreferencesId = @"noSecurity";
WebPreferences* prefs = [[WebPreferences alloc] initWithIdentifier: noSecurityPreferencesId];
[prefs setWebSecurityEnabled: false];
[webView setPreferencesIdentifier: noSecurityPreferencesId];
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top