2

With the default configuration, I am unable to make XHRs in my Mithril app if I run its Sails server in localhost. All I get is:

XMLHttpRequest cannot load http://localhost:1337/json/test-realms.json. The 'Access-Control-Allow-Origin' header contains the invalid value ''. Origin 'null' is therefore not allowed access.

If I enable CORS with allRoutes: true, origin: '*' that problem goes away, and instead I get:

DOMException: Failed to execute 'replaceState' on 'History': A history state object with URL 'http://localhost:1337/#!/' cannot be created in a document with origin 'null'.

What exactly is the issue here?

Updates:

  • I am using sails lift as server.
  • The web app is loaded via http://test.pink. The domain is set to a LAN IP via the HOSTS file.
  • No resources are loaded via file:/// or localhost.
amyspark
  • 520
  • 1
  • 4
  • 15
  • The issues are most likely unrelated. The second problem is [common](http://stackoverflow.com/search?q=Failed+to+execute+%27replaceState%27+on+%27History%27) when attempting to make changes to history on local development sandboxes - what URL is your app running from, and what are you passing to Mithril's `m.route` to initialise it? – Barney Oct 08 '15 at 10:38
  • I tried to run it from the URLs `localhost:1337` (Sails default), `localhost` and `test.pink` with the HOSTS file pointing to a LAN IP. `m.route` is initialised with `!/` by default (an empty page in my app). – amyspark Oct 08 '15 at 13:47

1 Answers1

1

Turns out the problem was related to Content Security Policy. I had set sandbox 'allow-scripts' 'allow-forms', which as per this and this would treat the page as an iframe with an unique origin.

Disabling the sandbox policy or adding allow-same-origin suffices to fix it.

amyspark
  • 520
  • 1
  • 4
  • 15