CORS and the HTML5 Application cache manifest don't work together (neither do CORS and Apache)

Posted by Matt Bryson on 28-Feb-2014 19:10:24

If you are looking to make cross domain requests with ajax for items in a cache manifest, don't. It wont work.

We recently embarked on building a web application that runs completely offline on mobile devices.

It was fully content managed from our CMS, which published assets and a cache.manifest file to a couple of amazon S3 buckets.

Our set up was this:

  • The CMS and API run off an EC2 server on a domain A
  • The assets are published to a S3 bucket on domain B
  • The web app is hosted on a S3 static website bucket on domain C

You can't cross domain the cache manifest itself, but you can cross domain the items in it, as long as its not HTTPS.

So, we need the web app on domain C to load the API on domain A. As well as allow the web app on domain C to load the assets on domain B all via Ajax. This is not allowed due to security restrictions.

CORS to the rescue. or so we thought....


Read More

Topics: appcache, CORS, Apache