Access-Control-Allow-Origin header when Origin 'null' when trying to post data to a LOCAL application

Question

I'm working on a program which will help interface with your bitcoin wallet via the browser.

By setting up the bitcoin client as a server with the following commands in it's .conf file...

server=1
rpcuser=test
rpcpassword=test
rpcallowip=127.0.0.1

It will allow it to run as a server and thus let you post JSON commands at it. I've gotten this to work with the following code below.

       $.ajax({
            url: 'http://test:test@127.0.0.1:29661',
            type: 'POST',
            contenType: 'application/json',
            cache:false,
            dataType:"json",
            data: '{"jsonrpc": "1.0", "id":"curltest", "method": "getinfo", "params": [] }',
            timeout: 15000,
        })
        .done(function(msg){
            alert(msg);
        });

BUT, it only works if I render Google Chrome with security features disabled, thus removing the CORS security restrictions which will not be acceptable for users.

Since this is trying to connect on the local file system to the bitcoin server and the file I'm running from IS on the local file system why am I getting CORS errors since they should be on the same domain? and how do I get around it?

I have to access the local file for testing via file:/// (which to my understanding 'might' have limited CORS support). This is how the users would work with it as well though.

::Methods Tried Already::

jsonp - this fails to work because it can only do GET requests and I need to do POST requests. This works by creating a script tag on the DOM and GET'ing the data and requires a callback function to get the data out of it. Kind of a hack, but unfortunately this does not work because I need to POST the data.

easyXDM - Tried this, but failed because it does not support the file:/// protocol :( :(, otherwise would have been what I needed.

WebSockets - Requires server to have implementation of this, I can't change the bitcoin source.

Access-Control-Allow-Origin in Server Headers when serving file - This would work if the file came from a server but its just on the local system file:///, this is because its going to access data coming from the bitcoin client and graphically display information.

What is the domain of the page you are making the POST from? — Kurtfm, Jul 16 '14 at 00:30
I'm making it from file://, so there is no domain name. This is the problem :(. — Joseph Astrahan, Jul 16 '14 at 00:35
use jsonp or serve the html from the same ip/port as the data. — dandavis, Jul 16 '14 at 01:38
I tried jsonp already it does not work because you can not POST data to the bitcoin client. I need to be able to POST the json in data to it. How can I serve the html from the same ip/port as the data? If the answer is I need a webserver (which I wish it could be the answer), but I can't because I can't expect my userbase to know how to install and set that up correctly. — Joseph Astrahan, Jul 16 '14 at 01:55
don't use file:///, use fiddle or some other real http site to talk to 127.0.0.1. if the 127 "server" doesn't emit cors, and you can't control it's output at all, then you'll need to make a browser add-on, a node-webkit app, a firefox packaged app, an HTA file, etc... — dandavis, Jul 16 '14 at 02:08
I have to use file:/// due to the nature of the project. What is happening is I'm making an addon to bitcoin which will open a local file and connect to the bitcoin client to get data about it and display. Putting this on a server will not be decentralized and would also be a security risk to users private/public keys and therefore their bitcoin & money. — Joseph Astrahan, Jul 16 '14 at 02:12

score 2 · Accepted Answer · answered Jul 16 '14 at 05:01

2

Ok I solved the issue. I had to edit the bitcoinrpc file it's self to handle CORS.

http://www.html5rocks.com/en/tutorials/cors/

The above link gave me lots of helpful info on how to do that, in particular the fact that it had to be done in two stages.

There is the preflight request, and preflight response, then the actual request and actual response.

So I edited the bitcoinrpc.cpp file to handle this. If anyone wants to see exactly how I implemented it I'll link to the github source code.

answered Jul 16 '14 at 05:01

Joseph Astrahan

8,659
12
83
154

Congratulations for finding a solution! I also have a lot of trouble interacting with a bitcoin JSON-RPC server. Could you give me the github link showing the changes you made to the bitcoinrpc.cpp file? Thank you. – Polux2 Apr 08 '17 at 21:11
This was so long ago, I'm not sure if I have the file anymore, but if you need help hit me up in a chat on here, this was not to bad to do if you check out that tutorial. I might be slow to respond a bit but will do best to help. – Joseph Astrahan Apr 09 '17 at 10:25
basically you have to simulate how cors works with bitcoin so it knows your application is safe. Its a handshake process trading headers back and forth. – Joseph Astrahan Apr 09 '17 at 10:27
Thanks for your help. I'm trying to make a web wallet for an altcoin. My problem is to write the preflight response in the bitcoinrpc.cpp module so that OPTIONS request return the status code OK. – Polux2 Apr 09 '17 at 20:18
The opensource code for cloakcoin is where I programmed this, if you look at the source for that maybe they still have it in there. – Joseph Astrahan Apr 10 '17 at 08:47

Access-Control-Allow-Origin header when Origin 'null' when trying to post data to a LOCAL application

1 Answers1

Linked