Login/Register
Access-Control-Allow-Origin Error At Android 4.1
Asked Answered
Solved javascriptandroidxmlhttprequestcross-domain
M

3

15

I have problems with Access-Control-Allow-Origin at Android 4.1

In my application i have some local HTML files and Javascripts which i was using to fetch data from web services. Until trying Android 4.1 there was no problem but after trying at Android 4.1 i got this error.

I read lots of documents but i couldn't find a way to solve this problem.

Minh answered 3/7, 2012 at 20:29 Comment(0)
M
52

you need to do something like

if (Build.VERSION.SDK_INT >= VERSION_CODES.JELLY_BEAN) 
  wv.getSettings().setAllowUniversalAccessFromFileURLs(true);
Marker answered 16/7, 2012 at 19:20 Comment(4)
Thanks, i will try it. But Google API emulators doesn't has this problem; it is interesting.Minh
I don't want to sound foolish, but what file do I add this to in my project?Plaintiff
@Plaintiff : put it wherever you're creating your WebView, like in an onCreateView or onCreate. You'll probably also do wv.getSettings().setJavaScriptEnabled(true), etc.Intergrade
what to do if I have project under api11 ?Strawflower
D
8

@I am Developer and the others who are facing the same problem.

Slushis solution works fine. But if you want to compile against and support systems below API11 you have to add the following:

if (Build.VERSION.SDK_INT >= 16) {  
    Class<?> clazz = webView.getSettings().getClass();
    Method method = clazz.getMethod("setAllowUniversalAccessFromFileURLs", boolean.class);
    if (method != null) {
        method.invoke(webView.getSettings(), true);
    }
}

This will load and invoke the method at runtime, so you can compile with e.g. Android 2.3.3.

Derogate answered 27/2, 2013 at 13:12 Comment(1)
Nice solution. Is there any option to disable this property for below SDK version 16.?Amorous
B
0

Are your web services hosting from the same domain ? I used to get this error while making an ajax call to a service under a different domain. If you have control on the web service, you can set Access-Control-Allow-Origin: * in the header, (although this way is not a secure way of doing so.)

Baucom answered 3/7, 2012 at 21:20 Comment(9)
Actually they are in the same domain but different subdomains. But i couldn't understand why i got this error only Android 4.1 and not older versions? What changed?Minh
Different subdomains are not also allowed. Chrome was acting really wierd ( it was working ok for my "get" request , but was changing my "post" request to "OPTIONS" request ), it took me a lot time to figure out the error. The error was gone when i put the services and client code under the same subdomain.Baucom
it is impossible for me; because client is mobile device :) thanks for your help.Minh
The problem is that if you are serving your service from domainname.com/subdomainname the url your client uses should be the same subdomainname. it is the url not mobile device.Baucom
i am sorry, i couldn't understand. my service is installed at sub.domain.com and i am trying to connect it from mobile device; but i got error because of origin is null and is not allowed by Access-Control-Allow-Origin.Minh
i thought you were trying to make an ajax call, as you tagged the question with javascript and xmlhttprequest. therefore client is the page you are running your javascript code which should be hosted under the same subdomain as your web service.Baucom
Yes you are right and that is the best solution but impossible to host my javascript at that server.Minh
You can read about Same-Origin-Policy here: en.wikipedia.org/wiki/Same_origin_policy. You can use JSONP for GET requests if you have control over the server side code(you need the encapsulate the response with callback() ), but you cant use POST request as far as I know. Or you may set Access-Control-Allow-Origin: *. That is all i know :)Baucom
Web services requires POST so i couldn't use JSONP and GET. Thanks for your helps, i think the best way, setting Access-Control-Allow-Origin: *Minh

© 2022 - 2024 — McMap. All rights reserved.