Embedded Files
Resources
Resources
- vue.js guide
- Apache Cordova
- Code developed in class for hw5 (branch: hw5)
- Code developed in class for news reader app (branch: lecture3)
How to fix the Auth problem
How to fix the Auth problem
At the end of class, I got stuck trying to making HTTP calls to our backend server. The problem was solved by making three changes.
Page security policy
First, in the app header, I had to change the Content-Security-Policy header to the following:
<meta http-equiv="Content-Security-Policy" content="default-src *; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-inline' 'unsafe-eval';">The above is a bit of an over-general header, because it enables the web page to make calls to any server, but why not.
Server security policy
Next, on the server, I have to specify that I accept connections coming from all clients.
This is done differently in different servers, but in web2py it can be done by inserting the following line in models/db.py:
# Allow anyone to connect.response.headers['Access-Control-Allow-Origin'] = '*'
Browser header enabler
This last step is optional. However, if you serve your web page from your laptop (localhost, or 127.0.0.1, ...), not all browsers include the allow-origin headers when contacting it. In this case, the following extensions help:
- https://chrome.google.com/webstore/detail/cors-enabler/moemeipfappdfiffdphjhhknpmdpjffp
- https://addons.mozilla.org/en-US/firefox/addon/cors-everywhere/
My personal recommendation is as follows. I never like to use such extensions in my regular browser, because extensions have access to all the browser content (email, docs, etc). So I launch Apache Cordova with target Firefox:
cordova run browser --target firefoxAnd on Firefox, I create a Cordova profile, which I select when launching Firefox:
On that particular profile, I install https://addons.mozilla.org/en-US/firefox/addon/cors-everywhere/
Video
Video
Page updated
Report abuse