Add protocol header 'Access-Control-Allow-Origin'


I’m working on this app implemented as plugins. I’d like to provide the ability to load plugin’s resources using protocols. But protocols are colliding with the following error:

Imported resource from origin ‘ui://’ has been blocked from loading by Cross-Origin Resource Sharing policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource. Origin ‘plugins://’ is therefore not allowed access.

Here is the implementation of ‘plugins’ protocol:

protocol.registerFileProtocol('plugins',function(req, callback){

My ‘ui’ protocol is implemented in the same way as the ‘plugins’ one. In this 2 protocols example, I get the error whenever I try to load a ui://resource.html from another resource loaded from a plugins://path/to/resource.
To get my idea working, I’d like to set that ‘Access-Control-Allow-Origin’ header to ‘*’ but how to do that?

Thanks in advance for your thoughts


Hello djahma, unfortunately, I don’t really have an answer for you, but more to add.

I am working with an online database (QuickBase) and have to deal with CORS (cross-origin, same origin policy restrictions) standard in modern browsers for security. But, for testing, the security is not needed, and I know my code works when I put it in the page on the hosted site. But, for testing, CORS kills my work and testing is painful. DreamWeaver (gasp!) did not implement CORS in it’s previews so it worked great, until I ran into DW limitations in other areas. I really want to use Atom for the HTML/Javascript/AngularJS work but the preview is limited by CORS too. I don’t understand how to configure Atom to disable CORS for testing.

I found this, but I must admit I don’t understand how to do what it says, or even if disabling CORS is possible -
github community issue 384

If anyone knows how to set Atom or Electron to at least temp disable CORS, please share. Big :smiley: