jquery.fileDownload icon indicating copy to clipboard operation
jquery.fileDownload copied to clipboard

Published 20 hours ago verified publisher icon johnculviner

Requesting document from different domain

Open CodeCharm opened this issue 9 years ago • 10 comments

I control both the web site that requests the file to be downloaded and the web service site which creates the document to download, so adding the cookie in the web service was not a problem, but they do live in different domains. I have to POST lots of fields to generate the document. This works: the web service is getting the POST and sending the document to be downloaded.

In Chrome, the checkFileDownloadComplete timer callback function is erroring out with this message:

Blocked a frame with origin "http://localhost" from accessing a cross-origin frame.

The document gets downloaded, but the cookie that indicates that the download is complete isn't getting read, so my success messages or callbacks aren't shown or called.

Am I missing something? I'm still trying to work out a resolution for this.

CodeCharm avatar Nov 17 '15 16:11 CodeCharm

yeah you can't access cross origin iframes which is how this thing works. you could set up a proxy on your webserver to make it not cross origin but other than that not really a way around it...

johnculviner avatar Nov 17 '15 16:11 johnculviner

The only other option I found which might work involves using window.postMessage, which won't work for me because I need to put script into the iframe'd document, which implies it would be text/html, when in fact I'm downloading a PDF.

I'll set up the proxy.

My suggestion is that the fileDownload module could check for same origin first, but if it is cross origin, it could disable some of the features that rely on the cookie being set.

CodeCharm avatar Nov 17 '15 17:11 CodeCharm

the cookie is how it figures it out, furthermore iframes can't work cross origin. In short if you are cross origin the plugin won't work, period. unless im missing something

johnculviner avatar Nov 17 '15 18:11 johnculviner

I guess I was thinking that it could still be useful for downloading a file (which it does do, even cross origin) even if it can't do the other functions, like supporting promises, etc. If you think that is not a use case you want to support, then I will just close this and edit the wiki.

CodeCharm avatar Nov 18 '15 00:11 CodeCharm

Sure if you'd like to gimmie a PR on how you envision this working and update readme.md sounds good!

johnculviner avatar Nov 18 '15 05:11 johnculviner

In case it's useful, I've been using xdomain to bypass CORS, which would fix this issue, I think?

jeff-h avatar Feb 22 '16 07:02 jeff-h

Good idea, i dont think it would work though because file downloads aren't done with AJAX rather with a discrete window.location (many browsers still dont support file downloads/ file download dialogs initiated with javascript)

johnculviner avatar Feb 22 '16 13:02 johnculviner

This might end up being a thing for a different issue, but it's relevant-ish so I'll start here first.

I've run into (presumably) this issue, and the gist of it is that when a cross-domain attempt is made, the file downloads the traditional way but neither the success nor the failure callback execute. Because of this, I can't figure out how/when to dismiss my "your download is preparing" modal in case of a cross-domain attempt -- any ideas?

[I suppose I could manually try and detect if it's gonna be cross-domain from the URLs before starting the download, but only if necessary.]

XaserAcheron avatar May 18 '16 20:05 XaserAcheron

@XaserAcheron Were you able to find a solution to the problem you were facing?

amitkumargoldy avatar Jul 23 '18 16:07 amitkumargoldy

I ended up just fudging it by manually checking if the URL was cross-domain before initiating the download. Not ideal, but it works.

XaserAcheron avatar Jul 23 '18 16:07 XaserAcheron