[x3d-public] ... cross-origin scripting errors
Andreas Plesch
andreasplesch at gmail.com
Wed Apr 13 10:38:52 PDT 2016
AFAIK, x3dom also requires running a local web server to access local files
and suggests to uses the http server which comes with python:
http://doc.x3dom.org/gettingStarted/pythonSimpleHTTP/index.html
Running a http server (but web browser ?) may be considered a security hole
if outgoing traffic somehow was not considered in security design. A local
http server would still work even if the machine is physically disconnected
from the network for maximum security.
It may be possible to package a small local web server, webkit with js
engine, and javascript app (cobweb) into a standalone application with a
custom UI which can open local files. But it would be a development effort
and the resulting application may be a larger security risk than a standard
web browser although it would not look like one.
-Andreas
Message: 4
> Date: Wed, 13 Apr 2016 10:57:34 +0200
> From: Holger Seelig <holger.seelig at yahoo.de>
> To: X3D Graphics public mailing list <x3d-public at web3d.org>
> Subject: [x3d-public] COBWEB v1.24 Firefox OK, other browsers have
> cross-origin scripting errors
> Message-ID: <570E09FE.2070509 at yahoo.de>
> Content-Type: text/plain; charset=utf-8; format=flowed
>
> Redirected:
>
> Am 13.04.2016 um 09:21 schrieb Don Brutzman:
> > thanks for detail. what i'm not understanding yet:
> >
> > - how can we make it so a file runs online or locally
> > - x3dom is able to achieve that, somehow. maybe a lesson learned.
> > - opening a web browser on a system might be OK for developers but is a
> > security hole, similar to plugin, and not allowable on enterprise systems
> >
> > can we have this dialog on the mail list? am hoping to get broader
> > insight, there might be something we don't know...
> >
> > On 4/13/2016 12:04 AM, Holger Seelig wrote:
> >> Using Google Chrome and Opera Browser with local files
> >>
> >> Cobweb makes use of the XMLHttpRequest object to load files and
> >> there's no way round that. But that means files loading using the
> >> file:// scheme protocol are subject to the same origin policy and are
> >> handled as cross origin requests (CORS) and cross origin requests are
> >> only supported for protocol schemes: http, data and https. That means
> >> Cobweb cannot make access to this files.
> >>
> >> To work around this problem you must set up a localhost server, than
> >> you can access your local files under the web address
> >> http://localhost/... This can be done using XAMPP from the
> >> https://www.apachefriends.org website. XAMPP is a completely free,
> >> easy to install Apache distribution containing MariaDB, PHP, and Perl.
> >> The XAMPP open source package has been set up to be incredibly easy to
> >> install and to use.
> >>
> >>
> >> Am 12.04.2016 um 19:42 schrieb Don Brutzman:
> >>> [cc: community]
> >>>
> >>> Hi Holger. I've updated the X3dToX3dom.xslt stylesheet and X3D-Edit to
> >>> support your latest version 1.24. Works great in Windows 7 in latest
> >>> Firefox v45.0.1.
> >>>
> >>> Conversion result attached. Wondering if it is correct since failures
> >>> are occurring in other web browsers.
> >>>
> >>> Unfortunately, other browsers fail and have similar errors, apparently
> >>> cross-origin scripting restrictions.
> >>>
> >>> Console excerpts follow. Please advise, am thinking this is a common
> >>> problem that someone on the mail list may be able to help with.
> >>>
> >>> ============================================
> >>> Internet Explorer "Edge" gives the following console error:
> >>> DOM7011: The code on this page disabled back and forward caching. For
> >>> more information, see: http://go.microsoft.com/fwlink/?LinkID=291337
> >>> File: HelloWorldCobweb.html
> >>>
> >>> ============================================
> >>> Chrome console reports a similar error:
> >>>
> >>> Welcome to Cobweb X3D Browser 1.24:
> >>> Current Graphics Renderer
> >>> Name: WebKit WebGL 1.0 (OpenGL ES 2.0 Chromium)
> >>> Shading language: WebGL GLSL ES 1.0 (OpenGL ES GLSL
> ES
> >>> 1.0 Chromium)
> >>> Rendering Properties
> >>> Antialiased: true
> >>> Color depth: 32 bits
> >>> Max clip planes: 6
> >>> Max lights: 8
> >>> Texture units: 16 / 32
> >>> Max texture size: 16384 ? 16384 pixel
> >>> Max vertex uniform vectors: 1024
> >>> Max fragment uniform vectors: 1024
> >>> Max vertex attribs: 16
> >>>
> >>> cobweb.min.js:11 XMLHttpRequest cannot load
> >>> file:///C:/x3d-code/www.web3d.org/x3d/content/examples/HelloWorld.x3d.
> >>> Cross origin requests are only supported for protocol schemes: http,
> >>> data, chrome, chrome-extension, https,
> >>> chrome-extension-resource.e.dataType.binary.e.dataType.send @
> >>> cobweb.min.js:11
> >>> cobweb.min.js:12 Couldn't load URL 'HelloWorld.x3d':
> >>> ...
> >>> ============================================
> >>>
> >>> Opera also reports a similar error:
> >>>
> >>> cobweb.min.js:32 Welcome to Cobweb X3D Browser 1.24:
> >>> Current Graphics Renderer
> >>> Name: WebKit WebGL 1.0 (OpenGL ES 2.0 Chromium)
> >>> Shading language: WebGL GLSL ES 1.0 (OpenGL ES GLSL
> ES
> >>> 1.0 Chromium)
> >>> Rendering Properties
> >>> Antialiased: true
> >>> Color depth: 32 bits
> >>> Max clip planes: 6
> >>> Max lights: 8
> >>> Texture units: 16 / 32
> >>> Max texture size: 16384 ? 16384 pixel
> >>> Max vertex uniform vectors: 1024
> >>> Max fragment uniform vectors: 1024
> >>> Max vertex attribs: 16
> >>>
> >>> cobweb.min.js:11 XMLHttpRequest cannot load
> >>> file:///C:/x3d-code/www.web3d.org/x3d/content/examples/HelloWorld.x3d.
> >>> Cross origin requests are only supported for protocol schemes: http,
> >>> data, chrome, chrome-extension, https,
> >>> chrome-extension-resource.e.dataType.binary.e.dataType.send @
> >>> cobweb.min.js:11oe.extend.ajax @
> >>> cobweb.min.js:3e.extend.loadDocumentAsync @
> >>> cobweb.min.js:12e.extend.loadDocument @
> >>> cobweb.min.js:12e.extend.createX3DFromURL @
> >>> cobweb.min.js:12e.extend.loadURL @ cobweb.min.js:32e.extend.realize @
> >>> cobweb.min.js:32t.processInterests @
> >>> cobweb.min.js:3e.extend.processEvent @ cobweb.min.js:4e.processEvents @
> >>> cobweb.min.js:8e.extend.traverse @ cobweb.min.js:23
> >>> cobweb.min.js:12 Couldn't load URL 'HelloWorld.x3d':
> >>> cobweb.min.js:11 XMLHttpRequest cannot load
> >>> file:///C:/x3d-code/www.web3d.org/x3d/content/examples/HelloWorld.x3d.
> >>> Cross origin requests are only supported for protocol schemes: http,
> >>> data, chrome, chrome-extension, https,
> >>> chrome-extension-resource.e.dataType.binary.e.dataType.send @
> >>> cobweb.min.js:11oe.extend.ajax @
> >>> cobweb.min.js:3e.extend.loadDocumentAsync @
> >>> cobweb.min.js:12e.extend.loadDocumentError @
> >>> cobweb.min.js:12e.ajax.error @ cobweb.min.js:12h @
> >>> cobweb.min.js:2d.fireWith @ cobweb.min.js:2i @ cobweb.min.js:3i.onerror
> >>> @ cobweb.min.js:11e.dataType.binary.e.dataType.send @
> >>> cobweb.min.js:11oe.extend.ajax @
> >>> cobweb.min.js:3e.extend.loadDocumentAsync @
> >>> cobweb.min.js:12e.extend.loadDocument @
> >>> cobweb.min.js:12e.extend.createX3DFromURL @
> >>> cobweb.min.js:12e.extend.loadURL @ cobweb.min.js:32e.extend.realize @
> >>> cobweb.min.js:32t.processInterests @
> >>> cobweb.min.js:3e.extend.processEvent @ cobweb.min.js:4e.processEvents @
> >>> cobweb.min.js:8e.extend.traverse @ cobweb.min.js:23
> >>> cobweb.min.js:12 Couldn't load URL
> >>> 'C:/x3d-code/www.web3d.org/x3d/content/examples/HelloWorld.x3d':
> >>> cobweb.min.js:11 GET
> >>>
> https://crossorigin.me/C:/x3d-code/www.web3d.org/x3d/content/examples/HelloWorld.x3d
> >>>
> >>> 500 ()e.dataType.binary.e.dataType.send @
> cobweb.min.js:11oe.extend.ajax
> >>> @ cobweb.min.js:3e.extend.loadDocumentAsync @
> >>> cobweb.min.js:12e.extend.loadDocumentError @
> >>> cobweb.min.js:12e.ajax.error @ cobweb.min.js:12h @
> >>> cobweb.min.js:2d.fireWith @ cobweb.min.js:2i @ cobweb.min.js:3i.onerror
> >>> @ cobweb.min.js:11e.dataType.binary.e.Re: [WWW-Vrml] ***
> dataType.send @
> >>> cobweb.min.js:11oe.extend.ajax @
> >>> cobweb.min.js:3e.extend.loadDocumentAsync @
> >>> cobweb.min.js:12e.extend.loadDocumentError @
> >>> cobweb.min.js:12e.ajax.error @ cobweb.min.js:12h @
> >>> cobweb.min.js:2d.fireWith @ cobweb.min.js:2i @ cobweb.min.js:3i.onerror
> >>> @ cobweb.min.js:11e.dataType.binary.e.dataType.send @
> >>> cobweb.min.js:11oe.extend.ajax @
> >>> cobweb.min.js:3e.extend.loadDocumentAsync @
> >>> cobweb.min.js:12e.extend.loadDocument @
> >>> cobweb.min.js:12e.extend.createX3DFromURL @
> >>> cobweb.min.js:12e.extend.loadURL @ cobweb.min.js:32e.extend.realize @
> >>> cobweb.min.js
> >>> :32t.pr
> >>>
> >>> ocessInterests @ cobweb.min.js:3e.extend.processEvent @
> >>> cobweb.min.js:4e.processEvents @ cobweb.min.js:8e.extend.traverse @
> >>> cobweb.min.js:23
> >>> cobweb.min.js:12 Couldn't load URL
> >>> '
> https://crossorigin.me/C:/x3d-code/www.web3d.org/x3d/content/examples/HelloWorld.x3d
> ':
> >>>
> >>>
> >>>
> >>> ============================================
> >>>
> >>> On 4/4/2016 9:52 AM, Holger Seelig wrote:
> >>>> Cobweb X3D Browser, Version 1.23
> >>>>
> >>>> We finally released Cobweb version 1.23, now. This is the first
> >>>> official release for Opera Browser, Google Chrome and Mozilla Firefox.
> >>>> We did not celebrate this remarkable event yet, but beer was already
> >>>> purchased and would be used this week for sure.
> >>>>
> >>>> I should say that Cobweb 1.23 took a lot of effort and we are proud to
> >>>> announce that the final result exceeded our expectations. The journey
> >>>> had just begun!
> >>>>
> >>>> We?ve gathered as much feedback about Cobweb 1.22 as possible from our
> >>>> users and eliminated many mistakes and crude points in the new
> >>>> release. Cobweb is now ready for Opera and Chrome. We are not
> >>>> inventing new functions. Instead, the stable code base of Cobweb
> >>>> makes it possible to run in different browsers.
> >>>>
> >>>> Additionally we added three new examples to our website
> >>>> http://titania.create3000.de/cobweb/. First, ?Milkyway and Beyond?
> an
> >>>> example how to visualise huge scientific data of our universe.
> >>>> Second, ?FourmiEarth? processed data from the well known Fourmilab
> >>>> website, to display a pleasant view of our home planet. Third,
> >>>> ?Currencies? processes data of the currencies data of the European
> >>>> Central Bank, to show a nice animated graph of it. To do this we draw
> >>>> thick 3D lines using an Extrusion node.
> >>>>
> >>>> Visit Cobweb website now:
> >>>> http://titania.create3000.de/cobweb/
> >>>>
> >>>> Thank to all who helped us.
> >>>
> >>>
> >>> all the best, Don
> >>
> >>
> >
> >
> > all the best, Don
>
>
> --
> Holger Seelig
> Mediengestalter Digital ? Digital Media Designer
>
> Scheffelstra?e 31a
> 04277 Leipzig
> Germany
>
> Cellular: +49 1577 147 26 11
> E-Mail: holger.seelig at create3000.de
> Web: http://titania.create3000.de
>
> Future to the fantasy ? ?
>
>
>
> ------------------------------
>
> Subject: Digest Footer
>
> _______________________________________________
> x3d-public mailing list
> x3d-public at web3d.org
> http://web3d.org/mailman/listinfo/x3d-public_web3d.org
>
>
> ------------------------------
>
> End of x3d-public Digest, Vol 85, Issue 23
> ******************************************
>
--
Andreas Plesch
39 Barbara Rd.
Waltham, MA 02453
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://web3d.org/pipermail/x3d-public_web3d.org/attachments/20160413/9ee002ad/attachment-0001.html>
More information about the x3d-public
mailing list