none
How to overcome Same Origin Policy in Apps RRS feed

  • Question

  • Hi,

    We are trying to build an app that will run from users local machine i.e. apps files will reside on localmachine rather than on a server. In the app I am calling a WCF service via jQuery's getJson method. I end up with cross domain call error "No Transport".

    I have considered below options

    1. use jsonp - i cannot use this as i need to pass a custom header to the service and also i feel this is not 100% safe.

    2.  Enable CORS (Cross-Origin Resource Sharing) - I guess i need to do this on the WCF service server. but i dont have control on this machine.

    3. Write a wrapper on top of WCF - even if i write a wrapper this is again need to be deployed somewhere. do i get the same problem again?

    Any other option to overcome this.

    Thanks,

    Raja


    Thanks,
    Raja Ramesh Varma
    http://my-devils-workshop.blogspot.com



    • Edited by R R Varma Wednesday, October 17, 2012 9:22 AM
    Wednesday, October 17, 2012 9:19 AM

Answers

  • Hello Raja,  the same origin policy is enforced by the browser and apps for office have exactly the same restrictions as any other web solution.  The good news is that we have also the same solutions. I am not sure if this was a previous solution you had and if you had this problem before. At any rate we are recommending 3 options to deal with this, all have peculiar benefits and technical considerations.

    1. JSONP - is the Defacto standard for this. Client-Side logic, seems to be optimal for your case. The considerations is that the server side service needs to support it and its no cookie-friendly.

    2. Custom Proxy: full flexibility and control, but requires server side logic on your app.

    3. CORS/XHR2: are generic W3C standards, no server side code needed and offers fine-gran control, but need server configuration (simple)

    sounds like you need to explore more on the third option, or evaluate your architecture.

    That said I would like to understand better your architecture. I was going to suggest to use server side code to over come this x-domain issue, but you mentioned that the app files are on the users local box.

    How is this? How are you planning on deploying your application? and why do you have this restriction?


    Thursday, October 18, 2012 1:09 PM
    Moderator