Open jdeolive opened 10 years ago
ischneider
commented
10 years ago @jdeolive Not sure I totally understand - if the app is on the device, how is this cross-origin? Or is it more about ease of development? i.e. run the server but develop the app on the desktop talking to the device endpoint.
tschaub
commented
10 years ago A static app served from file:///path/to/foo.html could only use data from a server responding with a Access-Control-Allow-Origin: * header. It also might be useful to support apps on one port accessing data from geodroid-server on another.
ischneider
commented
10 years ago understood @tschaub - my question was more "under what realistic circumstances", versus "technically, why?"
would chrome apps be served up with an origin of file:// ? in this case, then yes it is needed as I think this is the best approach to creating/distributing apps
tschaub
commented
10 years ago I think this ticket was triggered by a client trying to browse static files they had copied to their device. I assumed they were browsing with the file "protocol."
If we're talking about the same kind of Chrome apps, the manifest can explicitly allow requests to different origins. I assume CORS support would provide the same without the explicit entry in the manifest. Though this could be wrong.
I've seen mention of WebViews using the file protocol as well. No idea how realistic or common.
Since the point of the mobile server is to enable webapps on the device it would make sense to allow for cross origin access to it.