Disable the Same Origin Policy / making cross domain XMLHttpRequests in WebKit WebViews?

javascript webkit xmlhttprequest webview same-origin-policy

tlrobinson · Mar 10, 2010 · Viewed 9.6k times · Source

I would like to disable the same origin policy on XMLHttpRequests in my own embedded WebViews. I have control over the pages loaded / code being executed in the WebView, so I do not care about enforcing the same origin policy. I would like to make cross-domain requests.

I've tried implementing the WebPolicyDelegate and WebResourceLoadDelegate but they do not seem to be called for XMLHttpRequests.

Answer

I think you'll struggle to find anyway to do that in a way that is useful to you. Have you considered JSONP instead of XHRs? http://en.wikipedia.org/wiki/JSON

The high-level overview is that JSONP uses the same mechanism for requesting external scripts as you're using above. The difference is that your server will recognise this and will package up the JSON response as the argument to a callback method. When your site receives this 'script', it executes it thereby returning the data directly into your callback method.

If you are able to use a framework like jQuery, most of the client side would be transparently handled for you. In fact, it will use virtually the same methods that you use for XHR (AJAX) requests. Check it out here: http://api.jquery.com/jQuery.getJSON/

Disable the Same Origin Policy / making cross domain XMLHttpRequests in WebKit WebViews?

Answer

Related questions