File Url Cross Domain Issue in Chrome- Unexpected
You are hitting the cross domain/file security limitations of Chrome.
You can, disable this by following the instructions in Disable same origin policy in Chrome and details in How can access and the origin policy in chrome as I'm not using a server on how to start Chrome with these turned off.
A word of warning, though: they are called "security limitations" for a reason so do not go applying this when browsing 3rd party sites. This is extremely dangerous to turn off whilst browsing the web normally. For example, with this turned off I can now make requests on your behalf to sites like gmail.com, facebook.com and yourbank.com, and your cookies will be set allowing me to masquerade as yourself.
If you still really need this, you need to run chrome with the --disable-web-security
flag:
chrome --disable-web-security # unix/linux only
If you need cross OS instructions on how to apply the flag, see http://www.chromium.org/developers/how-tos/run-chromium-with-flags.
Cross origin requests are only supported for HTTP. error when loading a local file
My crystal ball says that you are loading the model using either file://
or C:/
, which stays true to the error message as they are not http://
So you can either install a webserver in your local PC or upload the model somewhere else and use jsonp
and change the url to http://example.com/path/to/model
Origin is defined in RFC-6454 as
...they have the same
scheme, host, and port. (See Section 4 for full details.)
So even though your file originates from the same host (localhost
), but as long as the scheme is different (http
/ file
), they are treated as different origin.
Chrome 65 blocks cross-origin a download . Client-side workaround to force download?
According to the discussion blob:
and data:
URLs are unaffected, so here is a workaround using fetch
and Blobs.
Client-side force download media
function forceDownload(blob, filename) {
var a = document.createElement('a');
a.download = filename;
a.href = blob;
// For Firefox https://stackoverflow.com/a/32226068
document.body.appendChild(a);
a.click();
a.remove();
}
// Current blob size limit is around 500MB for browsers
function downloadResource(url, filename) {
if (!filename) filename = url.split('\\').pop().split('/').pop();
fetch(url, {
headers: new Headers({
'Origin': location.origin
}),
mode: 'cors'
})
.then(response => response.blob())
.then(blob => {
let blobUrl = window.URL.createObjectURL(blob);
forceDownload(blobUrl, filename);
})
.catch(e => console.error(e));
}
downloadResource('https://giant.gfycat.com/RemoteBlandBlackrussianterrier.webm');
Why does Chrome rate a data url as cross origin?
In this case Chrome is just conforming to the following requirement in the HTML spec:
If the
Document
was generated from adata:
URL
A unique opaque origin assigned when theDocument
is created.
Which follows from the fact the embed
element creates an SVG Document in the DOM:
And if you check the properties of that SVG document, you’ll see that its origin
is serialized as null
(it’s actually a unique origin internally, but just gets serialized as null
.)
I thought cross-subdomain AJAX requests were allowed, but this Chrome error seems to indicate otherwise
In short, the rules of the same origin policy are:
- same host
- same port
- same protocol
In your example you are violating the host rule, as a different subdomain could point to a different host/ IP than another, even if the second level domain is the same.
If you have no other possibility, you could try to use JSONP in your ajax request; this doesn't have an SOP.
Reference
Chrome blocking iframe requests as cross-origin request even when origins are the same
I have found the cause of the problem. It turns out that Google Chrome has problems with files that have commas in their filename. When downloading the file via a direct link, Chrome will report that duplicate headers were reported from the server. This has been a long-standing problem with Chrome that has gone un-addressed. Other browsers are not susceptible to this problem. Still, it's a fairly easy problem to troubleshoot and, indeed, when I searched on this error, the first search result had the solution: remove commas from filenames when handling a request from Google Chrome.
However, this wasn't a direct link, it was an AJAX-request, which results in a different exception. In this case, the error provided by Chrome is the cross-origin request exception and this is what made it so difficult to troubleshoot.
So, the tl;dr of it all is to strip out commas in the names of uploaded files.
Related Topics
Mailto Link Multiple Body Lines
Turn Off Chrome/Safari Spell Checking by HTML/Css
Do Http Post Methods Send Data as a Querystring
How Is the Margin-Top Percentage Calculated
What Is the Default Button Type
HTML Image Not Showing in Gmail
How to Apply an Opacity Without Affecting a Child Element with HTML/Css
Make Bootstrap's Carousel Both Center and Responsive
Set Height 100% on Absolute Div
How to Create a Polygon Shape Div
Restrict Future Dates in HTML5 Date Input
Why Use Schema.Org Microdata to Mark Up Web Page Elements
What Is the Standard Naming Convention for HTML/CSS Ids and Classes