Allow “cross-origin” XHR requests on the local file system (`file:` protocol)
hibou57 last edited by
There use to be such an option in the configuration of Opera Presto. Chrome has a corresponding command line option. There exist something similar with Firefox, and I know Webkit is able to.
It's now common to use HTML+JS+CSS for page more or less used as application or rich interacting documents. Often it relies on XMLHttpRequest. It's commonly used as an example, with search options of documentation systems (if I'm not wrong, Sphinx use it), and I did use it to edit enriched local documents which can't be any longer viewed correctly with Opera Blink.
Additionally, saying “cross origin” for the
file:protocol, is a bit strange, as there is only one origin for this protocol.
I'm aware a page downloaded from the internet, containing such a request to the
file:protocol, may present an issue which may be exploited, but this can hardly an issue with home made document and not so likely an issue with documents from a trusted source.
I would suggest either one of this proposal: have an option (which may be off by default), to allow XHR on the local file system, at the user's discretion, or treat the whole file system as a single origin. This may be a combination of both: the latter may be made an option as the former is.