Within our web application we are using the following method of server communication
- XMLHttpRequest
We are sending the same content/data in both cases but the XMLHttpRequest is ran inside a webwork.
The browser that is been used is chrome with –disable-web-security flag.
Is there any reason why a web worker XMLHttpRequest would fail inside the worker but not outside?
If the exact same code for the XMLHttpRequest is moved from the worker to normal JavaScript it works perfect?
ERROR:
XMLHttpRequest cannot load URL. Origin file:// is not allowed by Access-Control-Allow-Origin.
Update:
After a lot of effort from most of the team here what we have discovered is that in Chrome, web workers appear to run with different security over that of the main browser. (by this I mean when the browser runs with –disable-web-security the web worker doesn’t).
We were trying to access a domain resource (http://domain.com/resource) from (file:///). Despite the browser running with web security disable, the resolution was to have the server respond with a header of ‘Access-Control-Allow-Origin: *’.
Although we could have used file:/// instead of the wildcard we can’t be sure of how this might change across devices in production, and as we are running in a closed network this is less of a concern.
The code at the end of the day remains completely unchanged and only this change in the headers of the server resonse was needed.