15

This is my code:

this.loadMap = function () {
    this._map = null;
    this._width = 0;
    this._height = 0;
    this._playerX = 0;
    this._playerY = 0;
    this.finished = false;
    this.loaded = false;
    $.ajax({
        type: "GET",
        url: "maze1.xml",
        dataType: "xml",
        success: this.parseXmlMap,
        context: this
    });
};

The error i'm getting is

"XMLHttpRequest cannot load file:///C:/wamp/www/mazegame/maze1.xml. Origin null is not allowed by Access-Control-Allow-Origin".

This same script works fine in Firefox

Stecya
  • 22,896
  • 10
  • 72
  • 102
eabait
  • 1,196
  • 2
  • 10
  • 16
  • possible duplicate of [XMLHttpRequest Origin null is not allowed Access-Control-Allow-Origin for file:/// to file:/// (Serverless)](http://stackoverflow.com/questions/4208530/xmlhttprequest-origin-null-is-not-allowed-access-control-allow-origin-for-file) – T J Sep 05 '14 at 05:01

5 Answers5

27

You're testing this in Chrome? What's basically happening is because you're loading the file from your filesystem instead of from a server, Chrome is setting your origin to null even though the resource you're requesting is local to you. If you were to do this from an HTTP server such as Apache, I think it would work just fine.

Michael McTiernan
  • 5,153
  • 2
  • 25
  • 16
19

Yes, Google in their blessed wisdom decided that Chrome will not permit an access to local files for rather obscure security reasons. Every two local files are considered as if they were from different domains, and accessing a local file is considered a cross-site request.

There is a workaround, but useful only in some situations: If you can run Chrome with a command line parameter --allow-file-access-from-files, the security check will not be done.

Paul D. Waite
  • 96,640
  • 56
  • 199
  • 270
Juggernaut
  • 199
  • 1
  • 2
  • 3
    Its a rather obvious security reason. Allowing local files to be accessed via AJAX would allow any website to probe your computer. – Robert Hurst Sep 13 '11 at 23:49
  • 12
    @RobertHurst except that the origin is also a local file, so it's not "any web site" accessing the files (it's me!) :) – Kato Jan 30 '12 at 16:05
6

I had this same issue with Chrome (Version 20.0.1132.57) and using --allow-file-access-from-files didn't work for me (on Ubuntu 12.04).

But, using the command python -m SimpleHTTPServer in the directory that holds the localfiles I'm trying to test with allows me to work around the problem. That command launches an HTTP server that serves the current directory tree at http://localhost:8000/

So, if I have a file test.html that uses an ajax call for a file in the same dir I can use http://localhost:8000/test.html and Chrome will be ok with it. For me, this is fine for local dev/testing.

I came across that command on www.commandlinefu.com.

SashaZd
  • 3,315
  • 1
  • 26
  • 48
user1052313
  • 113
  • 2
  • 7
5

Just to reiterate what Paul & Juggernaut said:

In OSX open terminal and paste this command

/Applications/Google\ Chrome.app/Contents/MacOS/Google\ Chrome --allow-file-access-from-files
jwerre
  • 9,179
  • 9
  • 60
  • 69
1

You try to access both web page and resources file as file route file:///

You can do following in OSX

open /Applications/Google\ Chrome.app --args --allow-file-access-from-files

try to request web page with local server (http://localhost/your_website.html)

read more about cross site and iFrame at http://weblog.bocoup.com/third-party-javascript-development-future/

Botz3000
  • 39,020
  • 8
  • 103
  • 127
Aung Zan Baw
  • 392
  • 2
  • 8