Reply To: New HTML file import method

[__]

The reason the server requirement “goes away” when imports are supported natively is that the polyfill relies on ajax to request the files. When native imports are available, you can (presumably) just use a file:// url. I don’t know much about the specifics of Chrome’s implementation.

So, questions:

• are you using polymer?
• are you using (supporting) only Chrome, and only recent versions that support imports?

Also, keep in mind that this requirement has nothing to do with “running an app.” It only affects the usage of HTML imports. You could simply include all of your templates, etc. on your main HTML page, and then you would have no need for imports. Yes, this defeats the main advantages of imports, but for now it’s actually not a bad approach. Do development on a server, with a browser that supports imports, and then combine everything into a single page for production.

back to the CORS issue normally you fix it via server Header’s Access-Control-Allow-Origin “*”

A bit off-topic, but just to be clear, CORS is not a “problem” to be solved. It is a solution to the very serious problem of cross-site scripting attacks. It is a way to be sure that browsers and servers agree that a given script is safe and “allowed” to be run on a given site.

Access-Control-Allow-Origin: * is like saying “oh, yeah, whatever.” You’re basically just disabling/ignoring the security precaution. It’s much better to actually grant permission to the specific site(s) the script is intended to be used on.