15

I have problems with Access-Control-Allow-Origin at Android 4.1

In my application i have some local HTML files and Javascripts which i was using to fetch data from web services. Until trying Android 4.1 there was no problem but after trying at Android 4.1 i got this error.

I read lots of documents but i couldn't find a way to solve this problem.

bahadir arslan
  • 4,535
  • 7
  • 44
  • 82

3 Answers3

52

you need to do something like

if (Build.VERSION.SDK_INT >= VERSION_CODES.JELLY_BEAN) 
  wv.getSettings().setAllowUniversalAccessFromFileURLs(true);
slushi
  • 1,414
  • 13
  • 22
8

@I am Developer and the others who are facing the same problem.

Slushis solution works fine. But if you want to compile against and support systems below API11 you have to add the following:

if (Build.VERSION.SDK_INT >= 16) {  
    Class<?> clazz = webView.getSettings().getClass();
    Method method = clazz.getMethod("setAllowUniversalAccessFromFileURLs", boolean.class);
    if (method != null) {
        method.invoke(webView.getSettings(), true);
    }
}

This will load and invoke the method at runtime, so you can compile with e.g. Android 2.3.3.

johnnybgoode
  • 93
  • 1
  • 4
0

Are your web services hosting from the same domain ? I used to get this error while making an ajax call to a service under a different domain. If you have control on the web service, you can set Access-Control-Allow-Origin: * in the header, (although this way is not a secure way of doing so.)

nilgun
  • 10,460
  • 4
  • 46
  • 57
  • Actually they are in the same domain but different subdomains. But i couldn't understand why i got this error only Android 4.1 and not older versions? What changed? – bahadir arslan Jul 04 '12 at 05:04
  • Different subdomains are not also allowed. Chrome was acting really wierd ( it was working ok for my "get" request , but was changing my "post" request to "OPTIONS" request ), it took me a lot time to figure out the error. The error was gone when i put the services and client code under the same subdomain. – nilgun Jul 04 '12 at 08:13
  • it is impossible for me; because client is mobile device :) thanks for your help. – bahadir arslan Jul 04 '12 at 09:53
  • The problem is that if you are serving your service from http://www.domainname.com/subdomainname the url your client uses should be the same subdomainname. it is the url not mobile device. – nilgun Jul 04 '12 at 10:08
  • i am sorry, i couldn't understand. my service is installed at sub.domain.com and i am trying to connect it from mobile device; but i got error because of origin is null and is not allowed by Access-Control-Allow-Origin. – bahadir arslan Jul 04 '12 at 10:21
  • i thought you were trying to make an ajax call, as you tagged the question with javascript and xmlhttprequest. therefore client is the page you are running your javascript code which should be hosted under the same subdomain as your web service. – nilgun Jul 04 '12 at 18:28
  • Yes you are right and that is the best solution but impossible to host my javascript at that server. – bahadir arslan Jul 04 '12 at 20:15
  • You can read about Same-Origin-Policy here: http://en.wikipedia.org/wiki/Same_origin_policy. You can use JSONP for GET requests if you have control over the server side code(you need the encapsulate the response with callback() ), but you cant use POST request as far as I know. Or you may set Access-Control-Allow-Origin: *. That is all i know :) – nilgun Jul 04 '12 at 20:34
  • Web services requires POST so i couldn't use JSONP and GET. Thanks for your helps, i think the best way, setting Access-Control-Allow-Origin: * – bahadir arslan Jul 05 '12 at 05:20