Hi, I was talking of a simple HTML with some JS and a manifest.json illustrating the bug. I can figure out the C++ myself.
Thanks. On Thu, Nov 19, 2015 at 1:09 PM, Daní Pinart i Nadal <[email protected]> wrote: > Hi, > > Thanks for your interest. I'm sorry to not be as helpful as I'd like but I do > not develop in C++ since a lot of years ago:) > > In my scenario, I'd like to have a configuration as much unrestrictive as > possible. I think enabling CORS is a must in Windows hosted apps, by default, > document.domain is set to something like 'app: > clodgfdnabchkpemnflehmcjkabfgpfc', that makes impossible to comunicate with > any web service hosted at cloud. > > My first attempt to enable CORS consisted in changing line887 in > XMLHttpRequest.cpp file (third_party/webkit/source/core/xmlhttrequest to > options.crossOriginRequestPolicy = AllowCrossOriginRequests; //old value was > UseAccessControl > That allowed to make request Cross Origin but still was not enough. Default > settings prevent to request for custom headers so had to comment checks in > getResponseHeader (line 1222) and getAllResponseHeaders(line 1185) in same > XMLHttpRequest.cpp file cause I need to read some custom headers from > responses in some cases. > > That still was not enough because default settings prevent to set Coookies. > The backend i connect to sends some SetCookie headers first time I access it > that i must later supply on following request. I finally found that changing > constructors in SecurityOrigin.cpp in order to by default force > m_universalAccess and m_canLoadLocalResources flags to true solve the issues > and I can connect to the backend's web server. > > To summarize I think I'd have to be able in some way to set: > ·) The CrossOriginRequestPolicy used in XMLHttpRequest. Right is set always > to UseAccessControl, that I don't know what does it mean (maybe it takes care > to some settings) Other possible values are AllowCrossOriginRequests and > DenyCrossOriginRequests > .)m_universalAccess and m_canLoadLocalResources flags in order to allow > reading all kind of headers and allow browser to set cookies. There's a > setting in WebSettingsImpl.cpp > (third_party/webkit/source/web/WebSettingsImpl.ccp) called setCookieEnabled I > suspect it allows to enable or disable cookies > > I'd like to contribute to this project if you think it can be useful, but I'm > affraid I'd need some guidance (or some links to documentation) because it's > a bit crazy moving within this huge solution > > > > > > -----Original Message----- > From: Alexis Menard [mailto:[email protected]] > Sent: Thursday, November 19, 2015 5:29 PM > To: Daní Pinart <[email protected]> > Cc: [email protected] > Subject: Re: [Crosswalk-help] CORS > > Hi, > > Great, I'm still interested in your simple test case so I can see if any fix > is needed or if I need to back port xwalk_hosts to Windows. I like to make > sure I cover what you wanted. > > Thanks. > > On Thu, Nov 19, 2015 at 12:49 AM, Daní Pinart <[email protected]> wrote: >> Thanks Alexis. That's smart. >> >> I've found that forcing m_universalAccess flag to true in >> blink_platform/ SecurityOrigin.cpp >> (\\third_party\WebKit\Source\platform\weborigin\SecurityOrigin.cpp) >> solves all my CORS issues. Right now I'm hardocding the code in order >> to force it o true. Would be nice to find a way (maybe through some >> manifest.json field) in order to configure this parameter. I guess >> that an unrestricted setting is a quite common scenario for Desktop >> apps >> >> >> >> >> -----Original Message----- >> From: Alexis Menard [mailto:[email protected]] >> Sent: Wednesday, November 18, 2015 7:11 PM >> To: Daní Pinart <[email protected]> >> Cc: [email protected] >> Subject: Re: [Crosswalk-help] CORS >> >> Hi, >> >> On Tue, Nov 17, 2015 at 9:46 PM, Daní Pinart <[email protected]> wrote: >>> Hi Alexis, thank you for your response >>> >>> My apologizes for not benig accurate in my questions. >>> >>> >>> I want enablerequests to other domains I have no control of. App >>> domain is something like "app://clodgfdnabchkpemnflehmcjkabfgpfc" and >>> I need to access to a REST Service in http://mydomain:10080/.... >>> Right now I'm getting a CORS not enabled error >> >> Could you provide me a simple example of what you're trying to achieve. An >> index.html simple, a manifest.json and that's it. >> >>> >>> Right now I'm generating an msi supplying an icon and a manifest file >>> as shown in >>> https://crosswalk-project.org/documentation/windows/build_crosswalk_f >>> o >>> r_windows.html >>> >>> I have downloaded the xwalk Visual Studio solution and located de >>> XMLHttpRequest class so I hope I can do something there. The main >>> issue is that I have no idea how to debug my web app within xwalk in >>> Visual Studio neither how to generate later the msi >> >> So in your crosswalk checkout after running gclient sync you have a .sln in >> src/xwalk. You can open that in Visual Studio (I recommend to use the Funnel >> extension to not load the entire Chromium). Then one can just press F5 >> (after selecting xwalk as the default project), build and run from there >> (and debug, provided you select Debug as a target). What I usually do is >> that I select xwalk as the startup project, and in the options I specify >> which file I want to load (and in that case I will point to the >> manifest.json of the installed .msi of your app so e.g. in the Debugging >> field you would add "C:\Program Files\....\manifest.json"). >> >> Thanks. >> >>> >>> Thanks ins advance >>> -----Original Message----- >>> From: Alexis Menard [mailto:[email protected]] >>> Sent: Tuesday, November 17, 2015 11:45 PM >>> To: Daní Pinart <[email protected]> >>> Cc: [email protected] >>> Subject: Re: [Crosswalk-help] CORS >>> >>> Hi, >>> >>> I'm a bit confused. In one email you're talking about bypassing CORS in the >>> other how to enable it. >>> >>> I've been trying the csp field and in master it works. >>> >>> And yes xwalk_hosts only run on Android at the moment. >>> >>> Thanks. >>> >>> On Tue, Nov 17, 2015 at 8:24 AM, Alexis Menard <[email protected]> wrote: >>>> Hi, >>>> >>>> Windows support is still experimental so things may be broken. >>>> >>>> Bug has been reported >>>> (https://crosswalk-project.org/jira/browse/XWALK-4988 and >>>> https://crosswalk-project.org/jira/browse/XWALK-4996) and is covered >>>> by our test suite, we just didn't have time to look at these issues >>>> yet. >>>> >>>> Feel free to build Windows yourself >>>> (https://crosswalk-project.org/documentation/windows/build_crosswalk >>>> _ >>>> f >>>> or_windows.html) and you can debug and maybe provide a patch, >>>> Crosswalk project is open source after all. >>>> >>>> Thanks. >>>> >>>> On Tue, Nov 17, 2015 at 4:43 AM, Daní Pinart <[email protected]> wrote: >>>>> Hi, >>>>> >>>>> >>>>> >>>>> Please, it’s a bit urgent to get a workaround in order to enable >>>>> CORS on Windows applications. I don’t have any control of the >>>>> server’s side so I need to find a workaround at client’s side. >>>>> >>>>> >>>>> >>>>> I’ve tried to add xwalk_hosts field into the manifest.json but I >>>>> guess it only works for android devices. >>>>> >>>>> >>>>> >>>>> Is there any way to handle this issue by building Crosswalk for >>>>> windows by myself? If so, I’d appreaciate as much guidance as >>>>> possible >>>>> >>>>> >>>>> >>>>> Thanks in advance >>>>> >>>>> >>>>> >>>>> From: Crosswalk-help >>>>> [mailto:[email protected]] On >>>>> Behalf Of Daní Pinart >>>>> Sent: Saturday, November 14, 2015 2:31 AM >>>>> To: [email protected] >>>>> Subject: [Crosswalk-help] CORS >>>>> >>>>> >>>>> >>>>> Hi >>>>> >>>>> >>>>> >>>>> Is there any way to bypass CORS on Crosswalk Windows applications? >>>>> >>>>> >>>>> >>>>> Thanks >>>>> >>>>> >>>>> _______________________________________________ >>>>> Crosswalk-help mailing list >>>>> [email protected] >>>>> https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help >>>>> >>> >>> >>> >> >> > > _______________________________________________ Crosswalk-help mailing list [email protected] https://lists.crosswalk-project.org/mailman/listinfo/crosswalk-help
