Disable CORS check on embedded device

[hmb]

Is there a possiblility to disable the CORS check using a CLI switch, similar to chromiums "--disable-web-security" (https://stackoverflow.com/a/3177718/1614903)?

We have an application that runs on an embedded device. It get's some html/js framework from an embedded localhost webserver on the device and displays the content from an external url in an iframe. There are some XMLHttpRequest calls to the same external site necessary, to check it's status, but they obviously get blocked by the same origin policy. And there's no possibillity to get the external server to send the "Access-Control-Allow-Origin" header, because it could be some arbitrary website.

Basically the framwork stuff is just used to communicate with some other applications on the device, so we cannot pass the external url directly to cog. So a switch to disable SOP and CORS would come in quity handy

[philn]

WebKitGTK has some API for this, but i'm not sure if it's also exposed in WPE... https://webkitgtk.org/reference/webkit2gtk/stable/WebKitWebView.html#webkit-web-view-set-cors-allowlist

[philn]

Also in 2.38 the WebView will have a new default-content-security-policy property, maybe that can be useful too.

[hmb]

Thanks for your hints and sorry for the late reply. We came around to solving the problem in a different way, as a parallel XMLHttpRequest does not really tell you anything about the state in the iframe. For the records the page loaded in the iframe now sends a notification (over MQTT which is our backgroud bus) and states its status once loaded. I mark this as answer nevertheless.

[iamdrq]

I also wish disable security check on embedded device,I found this https://webkitgtk.org/reference/webkit2gtk/unstable/method.Settings.set_disable_web_security.html,
but it available in webkit 2.40

[iamdrq]

ok,It already available in wpe-webkit-2.0