0

I've written a pure JavaScript application that uses no server at all but lets you write and run 3D VPython animations when disconnected from the internet, without having to install anything such as Python or node. Just download and unzip this zip file and doubleclick GlowScript.html:

https://github.com/BruceSherwood/glowscript/blob/master/GlowScriptOffline2.7.zip

However, no matter where I place an image file or font file within this package, when attempting to reference this local file I get a CORS error which complains that the request is coming from "null". As a result, one has to be connected to the internet for images and fonts to work.

Is there some way to get around this CORS issue?

Bruce Sherwood

user1114907
  • 972
  • 8
  • 15
  • I can't reproduce this since there's too little info about what exactly I have to do. I downloaded `GlowScript.html` and opened it in the browser. What's next? Can you please update your question with details about what exactly I need to do to see the CORS error? – Michael Hausenblas Apr 23 '18 at 07:30
  • Sorry. When you open GlowScript.html you see a simple program to display a (3D) box. Click Run and you'll see it, and you can rotate the view (Ctrl-drag) and zoom (Alt-drag). Replace the box() statement with box(texture="glowscript_libraries/images/ui-icons_cd0a0a_256x240.png"), open the browser console, and you'll see this error message: Access to Image at 'file:///D:/0C/workspace/glowscript/GlowScriptOffline/glowscript_libraries/images/ui-icons_cd0a0a_256x240.png' from origin 'null' has been blocked by CORS policy: Invalid response. Origin 'null' is therefore not allowed access. – user1114907 Apr 24 '18 at 14:57
  • I've tried placing an image at other locations relative to GlowScript.html, to no avail. I always get the same CORS error. Obviously this is an unusual situation, that there is no server, but one might have expected that in this entirely local package there would not be a CORS violation. – user1114907 Apr 24 '18 at 15:04
  • Minor type in my first comment: Of course, after modifying the box() statement and opening the browser console, click Run to execute and see the CORS violation. – user1114907 Apr 24 '18 at 15:06
  • I guess one way of asking my question would be, "Is there some way for the origin to appear as something other than null?" or "Is there some way to CORS-enable a folder that is part of the package?" – user1114907 Apr 24 '18 at 17:09
  • Ah, got it. That's kinda by design, see for example https://stackoverflow.com/questions/41965066/access-to-image-from-origin-null-has-been-blocked-by-cors-policy – Michael Hausenblas Apr 24 '18 at 19:32
  • The last comment in that thread seems to imply that there is a work-around, but I don't understand the context of that code. Or is that a false hope? My intent was to provide the ability to write 3D animations in Python in the absence of internet access and without having to install Python or node or something to be able to run a server. Is it really the case that such an html/js tool can't read up images from the local drive? – user1114907 Apr 24 '18 at 23:32
  • Other than effectively disabling security (for example, with Chrome using `--disable-web-security`) I'm not aware of a solution, no. – Michael Hausenblas Apr 25 '18 at 09:25
  • Thanks! --disable-web-security could work in my case, which is the desire to run specifically when disconnected from the internet. It sure would be nice though for a user to be able to specify that a specific folder contains CORS-enabled files. – user1114907 Apr 25 '18 at 14:12

1 Answers1

1

It turns out that there is a way around the CORS constraints. Exit Chrome, then execute one of the following commands:

Windows: start chrome.exe --disable-web-security –-allow-file-access-from-files --user-data-dir

Mac: /Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --disable-web-security –-allow-file-access-from-files --user-data-dir

Linux: google-chrome --disable-web-security –-allow-file-access-from-files --user-data-dir

This will start up Chrome, which will give this warning: "You are using an unsupported command-line flag: --disable-web-security. Stability and security will suffer."

Doubleclick the html file for the offline package, and now the application is able to read image and font files that are part of the package.

user1114907
  • 972
  • 8
  • 15
  • Correction: It is not necessary to include –-allow-file-access-from-files. And I'll add that the zip file now includes a README file with details on how to use the package. – user1114907 May 07 '18 at 02:28