-3

I stumbled several time upon CORS-policy related errors, which propelled me to run my js code (which imports images) on a python http.server.

What I understand is this : for security reasons, I cannot import something that has some origin X from a script that has another origin Y (hence the name). So far so good.

So when I both run my code and expose my ressources on the same (althrough localhost) server with python, the CORS policy has nothing to say since the images and the script have the same origin (that is, the server)

But then why doesn't it work with a script located on my computer if the images also are on it ?

Thanks for reading !

Alphasaft
  • 137
  • 6
  • Protocol, Domain/ sub domain/ IP and port are used to resolve so localhost:8080 is not the same as locahost:8081 or app1.xyz.com is not the same as xyz.com plus there are many blogs and answers on stackover flow please use google and you should be able to understand more. Also CORS is enforced by the client (browser) so a programamtic request wont be blocked by CORS unless you have a code/ filter for that in yourClient. Browsers do.can disable it in chrome for testing https://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome your users wont have this so u need to fix it – tgkprog Sep 02 '23 at 17:42
  • Hard to say without knowing what you are actually doing ... – derpirscher Sep 02 '23 at 17:46

1 Answers1

0

File scheme origins are always unique.

It would be dangerous for any HTML document saved to your disk to have access to every file on that disk.

Doubly so when you consider that if someone were to email you an HTML document and you double clicked the attachment, then most email clients would save it to a temporary folder on your disk and tell the default browser to open it from there.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • Got it, thanks ! – Alphasaft Sep 02 '23 at 17:46
  • " server with python" sounds like OP has a web server runnig on localhost. But yes accessing a file d:\directory_xyz\file.html or /xyz/file.html on a browser wont work, need to use a local server with http://127.0.0.1/contextXyz/file.html or https – tgkprog Sep 02 '23 at 18:06
  • @tgkprog — They were asking why they needed to run the server instead of just using the local file system directly. – Quentin Sep 02 '23 at 19:38