Sunday, November 24, 2019

How to defeat Chrome CORB for XHR access to

How to defeat CORB (Cross-Origin Read Blocking) and allow javascript to access local web server running on localhost ( over XHR:

  1. Select a random domain and point it to in your HOSTS file
  2. Direct your XHR connections to that domain instead of
  3. You will need to enable SSL/TLS on your local web server.
    • If you are coding your own sockets server in C here is a guide on how to SSL enable them.
    • Or you can base your simple local server on a light web server that supports SSL/TLS out of the box: abyssws I chose this faster solution and had it serve files dynamically dumped out by my existing logic to specific doc paths under the server's root.
  4. You will need to make sure that your local server's responses always include this CORS header: Access-Control-Allow-Origin: *

It should be working now.

No comments:

Post a Comment