Forms loaded from local filesystem

Discussion:

Mats Eklund

2014-06-01 20:20:31 UTC

Hi,

I have noticed that XSLTForms does not seem to support the scenario of xforms submission to a web server when the form or instance document is loaded from local file system (file://).

I believe this is so since normally such submissions are disallowed in accordance with the browser's implementation of the Same-Origin Policy.

However, since there are methods for disabling the Same-Origin Policy (e.g. using Cross-Origin Resource Sharing (CORS) on the destination server or by disabling Same-Origin Policy in the browser (can be done in Chrome for example)), it would be nice if XSLTForms could support the mentioned scenario.

For my own purposes, I got the scenario to work by making changes to xsltforms.js (Rev 595):

7942: modified test in IF statement to never return true (allows for normal processing of xf:submission even if form loaded from file system)
7813: modified test in IF statement to never return true (prevents an unnecessary java applet from being loaded)

These are however only quick and dirty fixes. It would be nice if XSLTForms could support this scenario!

Kind regards,
Mats

Alain Couthures

2014-06-07 05:16:23 UTC

Permalink

Hi Mats,

XSLTForms is currently considering that submissions from a local form
are always for the local disk but, in your case, the corresponding
resource should be starting with "http://", is that right?

Could you please test replacing:

at 7813,
window.location.href.substr(0, 7) === "file://"
with
(window.location.href.substr(0, 7) === "file://" && action.substr(0,
7) !== "http://")

at 7942,
(window.location.href.substr(0, 7) === "file://" && method !== "get")
with
(window.location.href.substr(0, 7) === "file://" && action.substr(0,
7) !== "http://" && method !== "get")

Thank you for your feedback!

--Alain

Post by Mats Eklund
Hi,
I have noticed that XSLTForms does not seem to support the scenario of
xforms submission to a web server when the form or instance document
is loaded from local file system (file://).
I believe this is so since normally such submissions are disallowed in
accordance with the browser's implementation of the Same-Origin Policy.
However, since there are methods for disabling the Same-Origin Policy
(e.g. using Cross-Origin Resource Sharing (CORS) on the destination
server or by disabling Same-Origin Policy in the browser (can be done
in Chrome for example)), it would be nice if XSLTForms could support
the mentioned scenario.
For my own purposes, I got the scenario to work by making changes to
7942: modified test in IF statement to never return true (allows for
normal processing of xf:submission even if form loaded from file system)
7813: modified test in IF statement to never return true (prevents an
unnecessary java applet from being loaded)
These are however only quick and dirty fixes. It would be nice if
XSLTForms could support this scenario!
Kind regards,
Mats

Mats Eklund

2014-06-07 20:44:58 UTC

Permalink

Hi Alain,

The submission in my case is to an "https://" address. So with a slight modification your suggested changes should work for my case too!

Thanks!!

Kind regards,

Mats

________________________________
From: Alain Couthures <***@agencexml.com>
To: Mats Eklund <mats.eklund-/***@public.gmane.org>; "xsltforms-***@lists.sourceforge.net" <xsltforms-support-5NWGOfrQmneRv+***@public.gmane.org>
Sent: Saturday, June 7, 2014 7:16 AM
Subject: Re: [Xsltforms-support] Forms loaded from local filesystem

Hi Mats,

XSLTForms is currently considering that submissions from a local
form are always for the local disk but, in your case, the
corresponding resource should be starting with "http://", is that right?

Could you please test replacing:

at 7813,
   window.location.href.substr(0, 7) === "file://"
with
   (window.location.href.substr(0, 7) === "file://" && action.substr(0, 7) !== "http://")

at 7942,
   (window.location.href.substr(0, 7) === "file://" && method !== "get")
with
   (window.location.href.substr(0, 7) === "file://" && action.substr(0, 7) !== "http://" && method !== "get")

Thank you for your feedback!

--Alain

Le 01/06/2014 22:20, Mats Eklund a écrit :

Hi,

Post by Mats Eklund
I have noticed that XSLTForms does not seem to support the scenario of xforms submission to a web server when the form or instance document is loaded from local file system (file://).
I believe this is so since normally such submissions are disallowed in accordance with the browser's implementation of the Same-Origin Policy.
However, since there are methods for disabling the Same-Origin Policy (e.g. using Cross-Origin Resource Sharing (CORS) on the destination server or by disabling Same-Origin Policy in the browser (can be done in Chrome for example)), it would be nice if XSLTForms could support the mentioned scenario.
7942: modified test in IF statement to never return true (allows for normal processing of xf:submission even if form loaded from file system)
7813: modified test in IF statement to never return true (prevents an unnecessary java applet from being loaded)
These are however only quick and dirty fixes. It would be nice if XSLTForms could support this scenario!
Kind regards,
Mats