HTML5 desktop frameworks (relaxed) browser security

Question

I have a question regarding the (relaxed) browser security of app.js as i have read somewhere in documentation (i tried searching for it but could not find it). I do see that there is an option that can be set here: https://github.com/appjs/appjs/blob/master/docs/index.md

I have started building a desktop application using adobe AIR using Starling and Feathers UI because the service i am building the app for (Pinboard) does not have CORS enabled and will not do so in the future (see this google group chat about it). However, i would like to start with (node-webkit / App.js / similar HTML5 desktop framework) as well, just to see how that goes (and also i believe that building good transitional interfaces is a lot easier and faster in HTML5 nowadays).

My generalized question is: will app.js and other HTML5 desktop application frameworks allow me to circumvent CORS requirements? I am trying to find more concrete information about the browser security settings but i can not find it. Any pointer to such information (of different desktop application frameworks) will be greatly appreciated!

Michael

Answer 1

On the "server" side of your app, you are running Node.js, which does not enforce any CORS restrictions. That's a browser thing, Node.js is just a JavaScript runtime.

On the client side of your app though, you might suffer from CORS, that depends on the runtime/framework and I couldn't find anything about App.js either. But you could simply proxy requests to Pinboard through the server side, which would work around all CORS issues. There are a quite a few proxy servers for Node.js that could be used for this purpose, like node-http-proxy.