Folks -
First, my apologies if this topic has been discussed before. If so,
just point me to the relevant part of the spec or discussion and I'll
go away :-). I also apologize if this is the wrong group for this
question. If so, point me to the correct one. I haven't been able to
find any information on my question in either the spec or in multiple
web searches.
In our customer base, we're increasingly seeing the following
scenario. By way of introduction, I need to impart that these folks
are looking to use a web browser, with its attendant well-known
technologies, as a replacement for writing apps in tools such as VB or
Delphi. In other words, to them, a web app might or might not have
anything to do with loading the app from an HTTP server - to them a
'web app' is one authored with the technologies a browser innately
understands - JS, CSS, HTML, XML.
So, the scenario is a user who has a full copy of their app as a set
of pages / JavaScript on their hard drive. They launch their app by
double-clicking on an 'index.html' from the file system and the app
runs. The app has now been loaded from a 'file://' URL.
The user would then like to access data from an http:// URL. This is
currently possible from both Mozilla/Firefox and IE, via proprietary
mechanisms that allow 'cross-domain' access (i.e. in this case from a
'file://' domain to an 'http://' domain). It is understood and
accepted by the user base that they may see a security prompt in this
scenario.
So, the question is how CORS might work in such a scenario. For the
Webkit/Safari/Chrome class of browsers, there is currently no
equivalent proprietary 'cross-domain' functionality, thus hampering
our ability to deploy to these browsers.
I've tried a few of the CORS examples out there, and they all fail in
this scenario (load the page containing the JS code from the 'file://'
system and try to access the test server).
Any thoughts or assistance here would be greatly appreciated!
Cheers,
- Bill