Ajax, CORS, null domain

Can I connect via ajax to a CORS-enabled (PHP) server from an html document open from the file system (no server / null domain)? I would confirm this myself, but I do not currently have access to a server on which I could test this.

I have some half-developed code on a project that would need to be able to connect to a server via ajax even when opened from the file system, and I’d just like to confirm that this concept works before I spend more time finishing my work

27 thoughts on “Ajax, CORS, null domain”

  1. Yes as long as the server allows the AJAX request method and origin, specified in its Access-Control headers.

    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Methods": "GET,PUT,POST,DELETE,PATCH,OPTIONS"
    "Access-Control-Allow-Headers": "Content-Type,Authorization"

    To disable Authorization checks:

    "Access-Control-Allow-Headers": "*"

    You also need to disable web security checks for some browsers where you open the file URL, in Chrome for example:

    $ google-chrome --disable-web-security

    Safari has stricter requirements for CORS so maybe you will need to add more allowed headers (depending on your request). In Safari we need to Disable Cross-Origin Restrictions in the Safari Browser Developer menu.


Leave a Comment