4

I'm getting the cross-domain error on my local machine (although the code works perfectly on our web server). This is a real pain in the butt for development, so what I'm wondering is this - can I adjust a setting in Chrome to not get that error locally anymore?

It's this one:

Unsafe JavaScript attempt to access frame with URL file:///Users/david/login.html from frame with URL file:///Users/david/varReturn.html. Domains, protocols and ports must match.

Thanks!

maskedbacon
  • 143
  • 3
  • 15

1 Answers1

9

Google has decided that offline file access is cross-domain, regardless. You can try running chrome with --allow-file-access-from-files. I encountered the same problem when reading text files from the same folder using JavaScript.

Rhyono
  • 2,420
  • 1
  • 25
  • 41
  • The super absurd part: for what I was doing (not what he's doing), you're not allowed to cross-domain offline (which I wasn't, but Google thinks I was), but you're allowed to online. So Google is basically saying "you can't be trusted to manage your own files offline; it could be dangerous!! BUT, we'll let any domain access any other domain's text files online." – Rhyono Sep 21 '12 at 01:57
  • 1
    Hi Rhyono, thanks for the reply! How would I use this switch on OSX? – maskedbacon Sep 21 '12 at 01:58
  • 4
    Without this policy, a web page you saved to disk could upload unrelated files from your disk to any server permitting cross-domain requests. – Kevin Reid Sep 21 '12 at 02:17
  • 1
    @KevinReid It should analyze the difference between cross-domain and not cross-domain, rather than say "cross-domain; can't do it!" It says no to files in the same folder. If it was more intelligent, it would check that the paths are identical and that it is clearly NOT cross-domain. – Rhyono Sep 21 '12 at 02:26
  • +1, this is much better than the `--disable-web-security` alternative. – orlade Feb 05 '13 at 18:37