0

the following code works fine on Safari.

On Chrome, it fails due to:

"XMLHttpRequest cannot load file:///Users/jem/Sites/AA/data/articles.csv. Origin null is not allowed by Access-Control-Allow-Origin."

What does this mean? How can I properly read this file using a synchronous call?

function(file) {

    var content;

    $.ajax({
        url : file,
        success : function (data) {
            content = data.split(/\r\n|\n/);

        },
        async: false
    });

    return content;
}
Lee Taylor
  • 7,761
  • 16
  • 33
  • 49
Jem
  • 6,226
  • 14
  • 56
  • 74
  • 1
    It's scary that Safari will let you do that... Think of things like `file:///proc/cpuinfo` that would let a malicious website detect architecture and other info that could let it try a much more precise infection. Although things can't be modified this way, a *lot* of data can be accessed through `/proc`. A lot of valuable, data mineable, hackable data. Almost any data in `/proc` could probably be used maliciously. – Linuxios Sep 07 '12 at 15:01
  • Duplicates: http://stackoverflow.com/questions/5224017/origin-null-is-not-allowed-by-access-control-allow-origin-in-chrome-why, http://stackoverflow.com/questions/4208530/xmlhttprequest-origin-null-is-not-allowed-access-control-access-allow-for-file, http://stackoverflow.com/questions/10865869/origin-null-is-not-allowed-by-access-control-allow-origin, http://stackoverflow.com/questions/8456538/origin-null-is-not-allowed-by-access-control-allow-origin, http://stackoverflow.com/questions/3851691/load-local-json-files-via-file-triggers-cross-domain-null-origin-violation-s. – apsillers Sep 07 '12 at 15:06
  • @Linuxios Safari may do [something like Firefox](https://developer.mozilla.org/en-US/docs/Same-origin_policy_for_file:_URIs) and restrict the origin of `file:` pages to the same directory or subdirectories. So, if you open a newly-downloaded HTML file in your Downloads folder, it could poke around in that directory to read files, but it could *not* go *up* the file system tree to reach `/proc`. (Which is not to say that letting a strange HTML page read any file in your Downloads folder is a good thing, of course!) – apsillers Sep 07 '12 at 15:12
  • @apsillers: That makes me feel better, but I think this is a question about a internet served web pages. Because `/proc` is chock full of sensitive data. – Linuxios Sep 07 '12 at 15:14

1 Answers1

3

The problem is that chrome does not allow you to load files from your local system by default using ajax. This is a security setting.

Start Chrome using the --allow-file-access-from-files parameter to skip this security check.

chrome.exe --allow-file-access-from-files

Koen Peters
  • 12,798
  • 6
  • 36
  • 59
  • Ok, but imagine I'm sending this to a colleague who has no access to the test webserver / has no local webserver. The csv file is under the ./data folder. How can I make this work for him? – Jem Sep 07 '12 at 15:11
  • 2
    You can't. Not using the file:// approach. You'll need to put the file on the server and link to it using http://. It also needs to be on the same domain or else you'll get a domain policy warning. – Koen Peters Sep 07 '12 at 15:14
  • @Jem I don't quite understand your comment. This answer does not require a Web server -- if your colleague does not have access to a Web server (but has the HTML file and the `./data` folder), he should follow the exact advice in this answer and use the `--allow-file-access-from-files` flag. (Or have I misread/misunderstood something?) – apsillers Sep 07 '12 at 15:16