I would like to disable the same origin policy on XMLHttpRequests in my own embedded WebViews. I have control over the pages loaded / code being executed in the WebView, so I do not care about enforcing the same origin policy. I would like to make cross-domain requests.
I've tried implementing the WebPolicyDelegate and WebResourceLoadDelegate but they do not seem to be called for XMLHttpRequests.
I think you'll struggle to find anyway to do that in a way that is useful to you. Have you considered JSONP instead of XHRs? http://en.wikipedia.org/wiki/JSON
The high-level overview is that JSONP uses the same mechanism for requesting external scripts as you're using above. The difference is that your server will recognise this and will package up the JSON response as the argument to a callback method. When your site receives this 'script', it executes it thereby returning the data directly into your callback method.
If you are able to use a framework like jQuery, most of the client side would be transparently handled for you. In fact, it will use virtually the same methods that you use for XHR (AJAX) requests. Check it out here: http://api.jquery.com/jQuery.getJSON/
You could try adding the Access-Control-Allow-Origin: * header to the server response. I don't think it's supported by all browsers though.
More info: https://developer.mozilla.org/en/HTTP_access_control
void WebSettingsImpl::setWebSecurityEnabled(bool enabled) { m_settings->setWebSecurityEnabled(enabled); }
Hopefully this is what you need! You can send me a message for webkit.