Need config option to disable cross-domain check in ajax click code for Phone Gap

jquery-archive / jquery-mobile

jQuery Mobile Framework

https://jquerymobile.com

Other

9.7k stars 2.41k forks source link

Need config option to disable cross-domain check in ajax click code for Phone Gap #1191

Closed jblas closed 13 years ago

jblas commented 13 years ago

Phone Gap's webview allows applications to make cross-domain calls:

http://wiki.phonegap.com/w/page/16494770/FAQ

It says:

"The cross-domain security policy does not affect PhoneGap applications. Since the html files are called by webkit with the file:// protocol, the security policy does not apply. (in Android,you may grant android.permission.INTERNET to your app by edit the AndroidManifest.xml)"

Since the main application HTML file is loaded with a file:// URL, we need a configuration option that allows Phone Gap users to disable the cross domain check in the ajax click code so that they can load pages from their home server.

markusweb commented 13 years ago

Problem is, that in phonegab the index page is loaded via file:// When i now want to load content from my webserver by clicking on a link in list view, jquery loads that content but jqm treats this link as an external link. The content is not inserted into the dom of the origin index.html, no page transitions are perfomed.

I provided a patch that tell jqm to treat those links as internal. I check wether the origin page was loaded via file://

markusweb commented 13 years ago

my patch starts at line 2177

var $this = $(this),

    //get href, if defined, otherwise fall to null #
    href = $this.attr( "href" ) || "#",

    //get href, remove same-domain protocol and host
    url = path.clean( href ),

    //rel set to external
    isRelExternal = $this.is( "[rel='external']" ),

    // path Origin
    isFileOrigin = path.origin.indexOf('file:') === 0,

    //rel set to external
    isEmbeddedPage = path.isEmbeddedPage( url ),

    //check for protocol or rel and its not an embedded page
    //TODO overlap in logic from isExternal, rel=external check should be
    //     moved into more comprehensive isExternalLink
    isExternal = path.isExternal( url )   && !isFileOrigin || isRelExternal && !isEmbeddedPage,

jblas commented 13 years ago

@markusweb

This just hit the HEAD:

https://github.com/jquery/jquery-mobile/commit/08fa6a2ac85f63ecc5124e5157119528fc760bbb

It's a tweaked version of your patch that:

adds a config option $.mobile.allowCrossDomainPages
restricts support to pages loaded via http/https. This is because that code path also handles mail:/tel: and other protocols.
Also parenthesized the expressions.

Just a note that this change allows for URLs like:

file://dir1/dir2/myPhoneGapApp.html#https://myHomeServer.com/dir1/dir2/foo

I also tested to make sure it was properly setting the base tag when the source is loaded.

Thanks for your help!

snive commented 13 years ago

is this only for https request?

jblas commented 13 years ago

@snive

No, it should be for both http and https.