Play! 2.4: How to allow CORS from origin file://

Question

I\'m using play 2.4 to make a public REST API. I added the CORS filter allowing all origins and headers.

See from application.conf:

play.filters {
          


        

Answer 1

Ok, the problem comes from this line of code in the Play framework: https://github.com/playframework/playframework/blob/master/framework/src/play-filters-helpers/src/main/scala/play/filters/cors/AbstractCORSPolicy.scala#L322

As the URI is 'file://', the domain/host of the URI is null so new URI throws an error and then Play returns a 403 error. To fix this we need to patch the framework or try to change the origin to 'file://'.

I found a workaround for my use case: disable CORS on Play. Then when I use ajax from my cordova app, the origin isn't checked.

The problem with this workaround is that if I want to enable CORS on my Play project for any reason, the cordova app won't work since Play will check the origin and reject it.