4

I get the following error in Chrome when loading a trivially simple html file with a jQuery Mobile reference. The error is not present with just the jQuery reference.

Uncaught SecurityError: Failed to execute 'replaceState' on 'History': A history state object with URL 'http://stacksnippets.net/js' cannot be created in a document with origin 'null'.

<html>
<head>
<script src="https://code.jquery.com/jquery-2.1.4.js"></script>
<script src="https://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.js"></script>
</head>
<body></body>
</html>

You can also "Run code snippet" and see the error in the console.

This error did not happen before today. I have not changed my code or method of loading the html file in the browser. It used to work perfectly - I use the same code for all my PhoneGap apps.

Does anyone know if there was a Chrome security update that causes this SecurityError or whether I'm missing something? How would you go about debugging this? Thank you.

UPDATE

This discussion I think points out what is going on, which I suspected, since the error does not appear when running with a web server: Origin null is not allowed by Access-Control-Allow-Origin .

But I am still wondering why this changed in the past day, whether Chrome has had a change in their security policy, or why it was working before, and whether any of my PhoneGap apps will be affected.

Community
  • 1
  • 1
raduation
  • 792
  • 5
  • 11
  • Possible duplicate of [Failed to execute 'replaceState' on 'History' cannot be created in a document with origin 'null'](http://stackoverflow.com/questions/32481260/failed-to-execute-replacestate-on-history-local-url-cannot-be-created-in-a) – GingerPlusPlus Nov 23 '15 at 16:47

4 Answers4

4

This error is same as the origin is null error. This error occurs because of the security feature of Chrome. A simple solution to test the application is to bypass this security on chrome.

Steps:

  1. create a chrome browser shortcut on desktop.
  2. Close all the instances of chrome on your machine.
  3. Right click on the desktop shortcut of chrome and click on Properties.
  4. in Target field, append " -allow-file-access-from-files" at the end.
  5. Save and close properties.
  6. Open chrome via this shortcut only.

Hurry, the error has gone. App works perfectly.

NOTE: This is just a work-around I use to test my cordova apps on desktop browser for UI testing.

saurabh
  • 729
  • 1
  • 7
  • 16
  • Yeah, I've seen this flag mentioned in other discussions of this problem, but it doesn't really answer my question of why Chrome started generating an error one day, whereas it worked before. What is a "desktop browser"? – raduation Sep 07 '15 at 15:26
  • @raduation Browser for desktop OS, which are OS made for run (not exclusive) on desktop computers (that will run on notebooks, and some others compatible devices as well). As opposed to "phone browsers" or "mobile browsers", etc. – ESL Jul 05 '17 at 17:18
2

Temporary solution: I've commented out all history.replaceState calls in jquery mobile, didn't need to manipulate browser history in my app anyways.

I wonder if it's chrome security bug or model and future behavior.

t2n
  • 48
  • 5
  • Yeah, I had the same thought, but I'm wary of changing that code especially if I have to later update jQuery Mobile. I guess I can either submit a feature request to their group or make do with a hack version. For now I'm using a web server for dev. – raduation Sep 04 '15 at 16:59
  • 1
    @t2n: Do not modify the core jqm. Refer my answer. Just add a script before importing jqm and it works!! – ngrashia Sep 25 '15 at 04:06
  • It would be nice if JQM check that before run. – ESL Jul 05 '17 at 17:14
1

On a Mac I was able to fix this by running a webserver instead of loading it from a "file://" url:

http://lifehacker.com/start-a-simple-web-server-from-any-directory-on-your-ma-496425450?utm_expid=66866090-49.VYy4WCNHSyuP6EmjnM93MQ.0&utm_referrer=https%3A%2F%2Fwww.google.com%2F

python -m SimpleHTTPServer 8000

In the directory should make it available from Chrome via 0.0.0.0

Doug Molineux
  • 12,283
  • 25
  • 92
  • 144
  • Yes, it works fine on a web server. The question though is why it doesn't work in Chrome, loaded from the local file system. – raduation Sep 07 '15 at 18:07
  • agreed, but when i googled this problem i wanted a quick and dirty fix, found this question, and there wasn't really any useful information. Hopefully, it will help someone – Doug Molineux Sep 17 '15 at 19:41
0

I don't seem to have the same problem, not on the stable version of Chrome (45) or the Dev version (47).

However, I have personally seen issues with the CORS header, too. If you can cause the problem to happen reliably, I suggest filing a bug at crbug.com and a Chrome developer will have a look at it.

Lucas Garron
  • 46
  • 3