08.05.2011. 22:57

JavaScript: Same Origin Policy Workaround

Had weird issue recently: TinyMCE couldn't open popup boxes in Firefox for same origin policy violation.

Problem is that cMASS uses single core for multiple websites, both PHP and media files - so, all media files (shared scripts, stylesheets and images) are stored on single domain for one server, e.g. core.cmass.info; but, when TinyMCE tries to load JavaScript dynamically from there, it gets blocked.

Solution from TinyMCE Wiki wasn't of much help - being that dozens of web spaces are accessing same JS instance. After hour or so browsing the web for a hint, i stumbled upon a forum post (can't find it right now) where author asked for help setting up apache proxy to fix same origin policy violation. And that's what fixes it:

ProxyPass /core http://core.cmass.info/
ProxyPassReverse /core http://core.cmass.info/

Now, you can access core files as if they were on same domain, e.g. http://www.massvision.net/core. Busted!