1

I have a jquery/AJAX sign in page that works perfectly in all browsers except Chrome. It seems I have bumped into an issue in Chrome which is covered at Problems with jQuery getJSON using local files in Chrome - some say it is a bug, others say it is good security. I say it is frustrating.

I should add that the sign in actually works, it is the AJAXiness that breaks. A solution is to add --allow-file-access-from-files to the startup environment. Fine, but how does this solve the problem for site visitors who use Chrome?

As a Chrome user it would be ironic to have to code to check for users with Chrome and say "use something else".

Does anyone have any idea on how it might be possible to code around this issue?

For what it is worth, here is the code:

$(document).ready(function()
{
    $("#login_form").submit(function()
    {
        //remove all the class add the messagebox classes and start fading
        $("#msgbox").removeClass().addClass('messagebox').text('Checking...').fadeIn(1000);
        //check the username exists or not from ajax
        $.post("/ajaxsignin.php",{email:$('#email').val(), password:$('#password').val(), remember:$('#remember').val(), rand:Math.random()} ,function(data)
        {
          if(data.success) //if correct login detail
          { 
/////////////////////////////////////////////////////////////////////
//  if I put an alert() here, Chrome just doesn't see it but all other browsers do
//////////////////////////////////////////////////////////////////////

                document.getElementById("msgbox").innerHTML='Sign in successful';

                document.getElementById("topmenutext").style.paddingTop='3px';

                document.getElementById("topmenutext").innerHTML="BUG REPORT    |sign out|contact|help";

                var sPath = window.location.pathname;
                var sPage = sPath.substring(sPath.lastIndexOf('/') + 1);

                if(sPage == "register.php" || sPage == "index.php" || sPage == ""){
                    window.location.href='menu.php';
                }
                else{
                    disablePopup();
                }

          }
          else //if login failed
          {
              $("#msgbox").fadeTo(200,0.1,function() //start fading the messagebox
            { 
              //add message and change the class of the box and start fading
              $(this).html('Login failed - perhaps you need to register for an account').addClass('messageboxerror').fadeTo(900,1);
            });     
          }

        },"json");
        return false; //not to post the  form physically
    });
    //now call the ajax also focus move from 
    $("#submitbtn").click(function()
    {
        $("#login_form").trigger('submit');
    });
});
Community
  • 1
  • 1
Steve
  • 1,371
  • 1
  • 16
  • 38

2 Answers2

1

Don't use that flag. You're opening your machine or your users machines to attacks. Instead run a local server. It's as easy as opening a shell/terminal/commandline and typing

cd path/to/files
python -m SimpleHTTPServer

Then pointing your browser to

http://localhost:8000

If you find it's too slow consider this solution

gman
  • 100,619
  • 31
  • 269
  • 393
1

This should only a problem if you are trying to use Chrome to load files from your local file system. This is because Chrome has a insanely restrictive AJAX policies on the filesystem.

Essentially, Chrome does not allow AJAX requests to files outside the html page's folder. To fix this, just serve your files from a web server. Your site visitors are probably going to access your site through a web server anyway, so this should not be a problem to them.

Benny Johansson
  • 761
  • 6
  • 18