Difference in launching Angular JS application in Chrome and Safari?

Question

Team,

I am working on Angular JS application. When I want to test the app, I used to just launch the application directly into the browser from file system. The url would be like

file:///Users/easwar/AngularApp/index.html

When I need to launch the app in Chrome, I need to open the browser from terminal using the below command

open -a Google\ Chrome --args --disable-web-security -–allow-file-access-from-files

to avoid the below error.

"XMLHttpRequest cannot load , Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, https, chrome-extension-resource."

But surprisingly in Safari the app works fine without doing anything like this.

I would like to find what is the difference between these browser behaviors? Why its working in Safari and its not working in Chrome without a tweak?

Have you got [Disable Local File Restrictions](https://support.apple.com/en-gb/HT5364) set in your developer menu in Safari? — CodingIntrigue, Mar 18 '15 at 13:36
Had the same problem with Chrome when installing the Batarang plugin. Without a proper web server it did not work. — zszep, Mar 18 '15 at 13:37
If possible, create a local server so that you can access this via "http://localhost/YourWebsite". — KJ Price, Mar 18 '15 at 13:44
@RGraham Disable Local File Restrictions - enabled and disabled not making any difference. — Easwaramoorthy Kanagaraj, Mar 18 '15 at 13:54

score 1 · Answer 1 · edited May 23 '17 at 11:43

1

In short: google chrome doesn't like local cross calls. More found here: Cross origin requests are only supported for HTTP but it's not cross-domain .

It's Googles privacy and security policy: they try to avoid as much risks as possible, and local file calling seems to be one of them.

Read more on cross origin requests and how they're handled in Google Chrome here: https://developer.chrome.com/extensions/xhr

If you don't want to use those console commands, you might want to look for a webserver to host it (or a local webserver).

edited May 23 '17 at 11:43

Community

1
1

answered Mar 18 '15 at 13:44

Jordumus

2,763
2
21
38

1

I think the OP is aware of this. I think the question is, why does Safari allow it (at least in the OP's instance...I can't imagine it does) and Chrome doesn't. – CodingIntrigue Mar 18 '15 at 13:49
It's a question of how the browser handle the security, and sadly nothing to do with code. Safari decided to let it pass, Google doesn't. – Jordumus Mar 18 '15 at 13:50
@Jordumus If I assume that this is the default behavior of Safari (As I didnt do anything with its settings). Is it not harm? So, can we conclude Chrome is more secure? – Easwaramoorthy Kanagaraj Mar 18 '15 at 13:57
1

It really depends on what you call "secure": is calling a file on your local system a risk? Not really.. But what if you put that code on a site.. And the site tries to call a file on the local system of every visitor? Now: Safari will also block that 2nd part, because then it really is a "cross call" (from server to local computer). Chrome just is a bit more strict: local to local call is also blocked. – Jordumus Mar 18 '15 at 13:59
Sorry, *Original Poster*, i.e. you :) – CodingIntrigue Mar 18 '15 at 14:00
@EaswaramoorthyK: you are OP, it stands for "original poster", or the one who asked the original question. ;-) – Jordumus Mar 18 '15 at 14:00
Ah thanks! :) Need to learn jargons of stackoverflow as well. – Easwaramoorthy Kanagaraj Mar 18 '15 at 14:05
@Jordumus Are you sure that I am not missing any settings in Safari? – Easwaramoorthy Kanagaraj Mar 18 '15 at 14:07
I don't know the settings of Safari that well I'm afraid. – Jordumus Mar 18 '15 at 14:13

Difference in launching Angular JS application in Chrome and Safari?

1 Answers1