javascript - JavaFX WebView disable Same origin policy (allow cross domain requests) - Stack Overflow

admin管理员组

文章数量:1349176

I'm developing a JavaFX application that is mostly a glorified web page. It's a desktop application (it's no embedded into a web page) and it has a Web View for the main UI. The application itself serves the sole purpose of accessing Bluetooth devices using Bluecove because that's not possible directly with JavaScript on a web browser.

The proof of concept works ok (I was able to call JavaScript code from Java and vice-versa) but I have one extra requirement of calling arbitrary web services/API from within JavaScript but this violates the same origin policy (similar to this on Android: Allow remote ajax calls in an Android Webview + jquery mobile). Is this possible on JavaFX? Any tips?

P.S.: I'm using JavaFX 2.2.

I'm developing a JavaFX application that is mostly a glorified web page. It's a desktop application (it's no embedded into a web page) and it has a Web View for the main UI. The application itself serves the sole purpose of accessing Bluetooth devices using Bluecove because that's not possible directly with JavaScript on a web browser.

The proof of concept works ok (I was able to call JavaScript code from Java and vice-versa) but I have one extra requirement of calling arbitrary web services/API from within JavaScript but this violates the same origin policy (similar to this on Android: Allow remote ajax calls in an Android Webview + jquery mobile). Is this possible on JavaFX? Any tips?

P.S.: I'm using JavaFX 2.2.

• javascript
• cross-domain
• javafx
• same-origin-policy

Share Improve this question Follow edited May 23, 2017 at 12:10 CommunityBot 111 silver badge asked Apr 25, 2013 at 13:18 petersaintspetersaints 1,97944 gold badges2020 silver badges2525 bronze badges

Add a ment  | 

3 Answers 3

Sorted by: Reset to default 7

Basically, javaFx has the issue which is coupled with CORS - https://javafx-jira.kenai./browse/RT-35868. Assuming that web services which you are using, have CORS enabled you can try the following approach:

• System.setProperty("sun.http.allowRestrictedHeaders", "true")

OR

• java -Dsun.http.allowRestrictedHeaders=true <your main class here>

Hope it will help you

Since you are already running in JavaFX as a desktop application, you can do your JavaScript call via Java, where the same-origin policy does not apply.

Alternatively, this answer to the SO question you've posted seems to be a viable alternative.

Look at this answer first, then look at my answer：How can I work around YouTube API embed restrictions like other websites?

if ("sun/net/www/protocol/http/HttpURLConnection".equals(className)) {
        try {
            CtClass ctClass = classPool.makeClass(new ByteArrayInputStream(classfileBuffer));
            CtMethod method = ctClass.getDeclaredMethod("getFilteredHeaderFields");
            // inject cross domain code
            injectCrossDomain(method);
            byteCode = ctClass.toBytecode();
            ctClass.detach();
        } catch (Exception e) {
            e.printStackTrace();
            throw new CatalinaException(e);
        }
}


----------------injectCrossDomain----------------

private void injectCrossDomain(CtMethod method) throws CannotCompileException {
        StringBuilder sb = new StringBuilder();

        sb.append("if (this.filteredHeaders != null) {");
        sb.append("    return this.filteredHeaders;");
        sb.append("} else {");
        sb.append("    java.util.HashMap var2 = new java.util.HashMap();");
        sb.append("    java.util.Map var1;");
        sb.append("    if (this.cachedHeaders != null) {");
        sb.append("        var1 = this.cachedHeaders.getHeaders();");
        sb.append("    } else {");
        sb.append("        var1 = this.responses.getHeaders();");
        sb.append("    }");
        sb.append("    java.util.Iterator var3 = var1.entrySet().iterator();");
        sb.append("    while(var3.hasNext()) {");
        sb.append("        java.util.Map.Entry var4 = (java.util.Map.Entry)var3.next();");
        sb.append("        String var5 = (String)var4.getKey();");
        sb.append("        java.util.List var6 = (java.util.List)var4.getValue();");
        sb.append("        java.util.ArrayList var7 = new java.util.ArrayList();");
        sb.append("        java.util.Iterator var8 = var6.iterator();");
        sb.append("        while(var8.hasNext()) {");
        sb.append("            String var9 = (String)var8.next();");
        sb.append("            String var10 = this.filterHeaderField(var5, var9);");
        sb.append("            if (var10 != null) {");
        sb.append("                var7.add(var10);");
        sb.append("            }");
        sb.append("        }");
        sb.append("        if (!var7.isEmpty()) {");

        // insert Access-Control-Allow-Origin:*
        sb.append("            var2.put(\"Access-Control-Allow-Origin\", java.util.Collections.singletonList(\"*\"));");
        // insert Access-Control-Allow-Headers:*
        sb.append("            var2.put(\"Access-Control-Allow-Headers\", java.util.Collections.singletonList(\"*\"));");

        sb.append("            var2.put(var5, java.util.Collections.unmodifiableList(var7));");
        sb.append("        }");
        sb.append("    }");
        sb.append("    return this.filteredHeaders = java.util.Collections.unmodifiableMap(var2);");
        sb.append("}");

        method.setBody(sb.toString());
}

本文标签： javascriptJavaFX WebView disable Same origin policy (allow cross domain requests)Stack Overflow