7 Replies Latest reply on Jul 21, 2016 7:37 AM by carlesc
    tcoufal Communicator

    How to bypass same origin directive

    Hi Guys,


    I have the following question.


    I am well aware of the security risks, but I am doing some tests and have hit a wall, so to speak.

    I would need to bypass the Same origin directive.


    I am writing some JavaScript code (HTML and pure JS + the d3 library). It's a network topology view based on JSON data served by a ThingWorx Thing service.

    So in the JavaScript I am referencing the ThingWorx machine.

    I placed the code directly in Tomcat/Webapps/Thingworx/Common/<folder for external code>/<some external code>, so I would not have to set up a second web server to run (serve) it.

    So now I can use webFrame or links from mashups to access the code. It also works when I store the complete code (HTML and JS) as an HTML property and bind that property to an HtmlTextArea widget set to ReadOnly (how cool is that!). Anyhow, the IP address in that script and the IP address which I am using to access that script must be exactly the same, otherwise it's XSS. I could simply use localhost, but then it would only work on the local machine (not really a webapp...).


    So I would like to keep the IP address in my JS code as it is (as I need it to be).


    So I would like to somehow bypass the Same origin policy...


    Thanks for your ideas...


    Tomas


    Picture of how it looks, if someone's interested.
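The origin mismatch described in the post (script hard-codes one IP, the page is opened through another) comes down to scheme, host and effective port having to match exactly. The following is an added example, not code from the original post or from ThingWorx: it shows the same-origin comparison the browser applies, and how building the Thing service URL from the page's own location keeps the request same-origin without hard-coding any address. The REST path `/Thingworx/Things/<thing>/Services/<service>` is an assumption about the server layout.

```javascript
// Added example (not from the original post). Two URLs share an origin only
// when scheme, host and effective port are all identical; "localhost" and
// "192.168.1.10" are different hosts even when they reach the same machine.
function originOf(urlString) {
  const u = new URL(urlString);
  const defaultPort = u.protocol === "https:" ? "443" : "80";
  // Normalise the port so "http://host" and "http://host:80" compare equal.
  return `${u.protocol}//${u.hostname.toLowerCase()}:${u.port || defaultPort}`;
}

function isSameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// Build the service endpoint relative to the page's own origin. Whatever
// address the user typed into the browser (hostname, IP or localhost), the
// resulting request stays same-origin, so no policy bypass is needed.
// Path layout is an assumption: /Thingworx/Things/<thing>/Services/<service>
function serviceUrl(pageLocation, thingName, serviceName) {
  const base = new URL(pageLocation);
  const path = `/Thingworx/Things/${encodeURIComponent(thingName)}` +
               `/Services/${encodeURIComponent(serviceName)}`;
  return new URL(path, base.origin).toString();
}

// Diagnose a hard-coded script address against the page address actually
// used, the situation in the post.
function explainMismatch(pageLocation, hardCodedServiceUrl) {
  if (isSameOrigin(pageLocation, hardCodedServiceUrl)) {
    return "same origin: request allowed";
  }
  return `cross-origin: page is ${originOf(pageLocation)}, ` +
         `script targets ${originOf(hardCodedServiceUrl)}`;
}
```

In the browser, `serviceUrl(window.location.href, thing, service)` (or simply a relative path) replaces the hard-coded IP; the constructed addresses above are only for illustration.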