Is it possible to do in server.coffee before its handed off to ShareJS?
I tried adding:
stream.headers['Access-Control-Allow-Origin'] = '*'
but it didn't work.

This was mentioned in #77, #228 but that seems focused on an earlier version of the code.

When you setup node-browserchannel you need to pass the {cors:"*"} in the browserchannel options. CORS required a little more configuration than just adding the header.

This has nothing to do with sharejs now - sharejs 0.7 at least in theory doesn't care about your network connection at all.

I did this, but it didn't work. After I added in {cors:"*}

$ curl -D - http://192.168.1.5:7007/channel/hjkhjk
HTTP/1.1 404 Not Found
Content-Type: text/plain
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
X-Content-Type-Options: nosniff
Access-Control-Allow-Origin: *
Date: Thu, 20 Feb 2014 06:35:22 GMT
Connection: keep-alive
Transfer-Encoding: chunked

But this is what shows up in Chrome Developer Tools:

XMLHttpRequest cannot load http://192.168.1.5:7007/test?VER=8&MODE=init&zx=3k6s8azq5z9&t=1. Origin http://localhost is not allowed by Access-Control-Allow-Origin.

Where my.html is my own version of the index.html file. With the following changes:

var s = new BCSocket('http://192.168.1.5:7007', {reconnect: true,crossDomainXhr:true, cors:"*"});
var sjs = new window.sharejs.Connection(s);
var doc = sjs.get('users', 'seph');

Any thoughts?

BTW, I did that cors:"" on both the client and server side. I think the problem is that with BrowserChannel only certain urls are being tagged A-C-A-O:. Vexing...

Open the chrome network tab, and let me know which exact request is failing. channel/hjkhjk doesn't exist - so you shouldn't read too much into that. You can also right-click on a request and say 'copy as cURL' then you can paste that request into your console & play with it there.

It looks like bcsocket.js:60 is where the issue is. Screenie: http://i.imgur.com/XLdlelb.png

If I click on one:
Request URL:http://192.168.1.5:7007/test?VER=8&MODE=init&zx=5z23epu8tv4m&t=1
Request Headersview source
Origin:http://localhost
Referer:http://localhost/sharejs-testing/public/my.html
User-Agent:Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.160 Safari/537.22
Query String Parametersview sourceview URL encoded
VER:8
MODE:init
zx:5z23epu8tv4m
t:1

It looks like CORS headers aren't being sent at all. I bet its just not configured correctly. Can you show me the line you're using to initialize browserchannel? ShareJS 0.6 or 0.7? Did you see this wiki page?

(You only need to add cors:"*" on the server, not the client)

This is what I have configured. I added a preceding space to the query to eliminate a big single line from jquery.js:

$ cd node_modules
$ grep -irHn " cors:"
share/test/helpers/server.coffee:57:  .server cors: '*', (socket)->
share/test/helpers/server.coffee:62:  .server base: '/fixtures', cors: '*', (socket)->
browserchannel/lib/server.coffee:74:  # You can use the cors: option to set the Access-Control-Allow-Origin header
browserchannel/lib/server.coffee:80:  # Setting cors:'*' will enable javascript from any domain to access your
browserchannel/lib/server.coffee:85:  # Setting cors:'X' is equivalent to adding
browserchannel/lib/server.coffee:87:  cors: "*"
browserchannel/dist/server.js:29:  cors: "*",
browserchannel/test/server.coffee:347:    createServer cors:'foo.com', corsAllowCredentials:true, (->), (server, port) ->
browserchannel/test/server.coffee:369:    createServer cors:'foo.com', corsAllowCredentials:true, sessionCreated, (_server, _port) ->
browserchannel/test/server.coffee:380:      createServer cors:'foo.com', corsAllowCredentials:true, (->), (@corsServer, @corsPort) =>

$ cd ~/.npm/browserchannel
$ grep -irHn " cors:"
1.0.8/package/lib/server.coffee:74:  # You can use the cors: option to set the Access-Control-Allow-Origin header
1.0.8/package/lib/server.coffee:80:  # Setting cors:'*' will enable javascript from any domain to access your
1.0.8/package/lib/server.coffee:85:  # Setting cors:'X' is equivalent to adding
1.0.8/package/lib/server.coffee:87:  cors:"*"
1.0.8/package/dist/server.js:29:  cors:"*",
1.0.8/package/test/server.coffee:347:    createServer cors:'foo.com', corsAllowCredentials:true, (->), (server, port) ->
1.0.8/package/test/server.coffee:369:    createServer cors:'foo.com', corsAllowCredentials:true, sessionCreated, (_server, _port) ->
1.0.8/package/test/server.coffee:380:      createServer cors:'foo.com', corsAllowCredentials:true, (->), (@corsServer, @corsPort) =>

BTW This is my updated client side
$ cat my.html

<style>
  #pad {
    width: 100%;
    height: 100%;
    font-size: 20px;
    font-family: monaco;
    background: -webkit-canvas(cursors);
    background-repeat: no-repeat;
  }
</style>
<textarea id='pad' autofocus>Connecting...</textarea>
<script src="http://192.168.1.5:7007/channel/bcsocket.js"></script>
<script src="http://192.168.1.5:7007/text.js"></script>
<script src="http://192.168.1.5:7007/share.uncompressed.js"></script>
<script>

var elem = document.getElementById('pad');

var options = {
    origin: "http://192.168.1.5:7007/channel",
    crossdomainXhr: true,
    reconnect: true
};

var s = new BCSocket('http://192.168.1.5:7007', options);

var sjs = new window.sharejs.Connection(s);

var doc = sjs.get('users', 'seph');
console.log(doc);
doc.subscribe();

doc.whenReady(function () {
  if (!doc.type) doc.create('text');
  if (doc.type && doc.type.name === 'text')
    doc.attachTextarea(elem);
});

</script>

Where's your server-side code? Where are you initializing browserchannel on the server, and how? Your client looks fine, but your server is the part thats misbehaving.

(I know whats in node_modules - I wrote all of that.)

My server is in ~/ShareJs/prototype/ and is the same as the default one.
Initializing BrowserChannel in ~/ShareJs/node_modules and ~/.npm/browserchannel, by modifying server.js and server.coffee as shown above.

Is it possible I'm missing some npm-ism or coffeescript-ism? I'm new to both.
BTW, Just to answer your earlier question: This is all 0.7, working from the tip of master.
I take it CORS works ok for you?

Oh, so you modified prototype/server.coffee?

Something like this?

webserver.use browserChannel {webserver, cors:"*"}, (client) ->
  stream = new Duplex objectMode:yes
  ...

And yes it does - at least, it did last time I tested it. I don't use CORS in production.

(And technically this issue should be filed on josephg/node-browserchannel - it actually has nothing to do with sharejs.)

That doesn't work for me. :( I don't know if this is clear, but my.html is on my localhost http server. sharejs is on 192.168.1.5. I've filed this issue on josephg/node-browserchannel as requested.