<![CDATA[clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy]]>Hello,

I am experimenting with clickable HTML app.
I am using clickable 7.6.0

I generate a template using clickable create and I select HTML template.

Then I try modifying the index.html webpage adding a simple ajax request:

<script>
	function run() {

		// Creating Our XMLHttpRequest object
		var xhr = new XMLHttpRequest();

		// Making our connection
		var url = 'https://jsonplaceholder.typicode.com/todos/1';
		xhr.open("GET", url, true);

		// function execute after request is successful
		xhr.onreadystatechange = function () {
			if (this.readyState == 4 && this.status == 200) {
				console.log(this.responseText);
			}
		}
		// Sending our request
		xhr.send();
	}
	run();
</script>

While this code works opening the index.html file on Firefox, it seems ajax requests are blocked from the webapp-containter. I get this error:

qml: [JS] (file:///home/bob0/Desktop/testapp/build/all/app/install/www/index.html:0) Access to XMLHttpRequest at 'https://jsonplaceholder.typicode.com/todos/1' from origin 'file://' has been blocked by CORS policy: Cross origin requests are only supported for protocol schemes: http, data, chrome, chrome-extension, chrome-untrusted, https.

How can I enable the possibility make AJAX request from an HTML app? Is there any setting/policy to be changed?

Thank you in advance for your help!

]]>https://forums.ubports.com/topic/8266/clickable-html-app-accesss-to-xmlhttprequest-from-origin-file-has-been-blocked-by-cors-policyRSS for NodeMon, 09 Mar 2026 18:29:24 GMTThu, 03 Nov 2022 07:38:19 GMT60<![CDATA[Reply to clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy on Fri, 02 Dec 2022 05:29:24 GMT]]>@aitzol if you mean, your app works on the desktop bit not on the device, you are probably missing the networking policy in your apparmor manifest file. See here for further information

]]>https://forums.ubports.com/post/68877https://forums.ubports.com/post/68877Fri, 02 Dec 2022 05:29:24 GMT<![CDATA[Reply to clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy on Thu, 01 Dec 2022 09:58:47 GMT]]>@lduboeuf only works for desktop

]]>https://forums.ubports.com/post/68843https://forums.ubports.com/post/68843Thu, 01 Dec 2022 09:58:47 GMT<![CDATA[Reply to clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy on Thu, 03 Nov 2022 21:04:55 GMT]]>@lduboeuf It seems creating a QML container app works better thatn the HTML template method. Thank you for sending the link to your project.

]]>https://forums.ubports.com/post/68241https://forums.ubports.com/post/68241Thu, 03 Nov 2022 21:04:55 GMT<![CDATA[Reply to clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy on Thu, 03 Nov 2022 20:43:05 GMT]]>When testing with clickable desktop, the app performs AJAX calls without any problem.

However, when testing on a real device (PinePhone, in my case), AJAX calls are still blocked...

]]>https://forums.ubports.com/post/68240https://forums.ubports.com/post/68240Thu, 03 Nov 2022 20:43:05 GMT<![CDATA[Reply to clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy on Thu, 03 Nov 2022 15:12:29 GMT]]>@lduboeuf @bob0 This can also be achieved in the webview component: https://gitlab.com/cibersheep/quixe-qml/-/blob/master/qml/WebviewPage.qml#L41

]]>https://forums.ubports.com/post/68229https://forums.ubports.com/post/68229Thu, 03 Nov 2022 15:12:29 GMT<![CDATA[Reply to clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy on Thu, 03 Nov 2022 11:56:21 GMT]]>@bob0 said in clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy:

@lduboeuf Thank you. It works. Just for my curiosity, was this documented somewhere?

This is standard "Chrome" security policy AFAIK

]]>https://forums.ubports.com/post/68220https://forums.ubports.com/post/68220Thu, 03 Nov 2022 11:56:21 GMT<![CDATA[Reply to clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy on Thu, 03 Nov 2022 11:54:55 GMT]]>@lduboeuf Thank you. It works. Just for my curiosity, was this documented somewhere?

]]>https://forums.ubports.com/post/68218https://forums.ubports.com/post/68218Thu, 03 Nov 2022 11:54:55 GMT<![CDATA[Reply to clickable html app: Accesss to XMLHttpRequest from origin 'file://' has been blocked by CORS policy on Thu, 03 Nov 2022 11:35:09 GMT]]>@bob0 in your desktop file, append --disable-web-security in your "Exec" line

]]>https://forums.ubports.com/post/68216https://forums.ubports.com/post/68216Thu, 03 Nov 2022 11:35:09 GMT