[v2]Uncaught (in promise) missing Origin header

[Xiaobaishushu25]

i use this code to show a window:

import {WebviewWindow} from "@tauri-apps/api/webviewWindow";
async function handleKeydown(){
  const appWindow = WebviewWindow.getByLabel('tool')
  console.log(appWindow);
  console.log(appWindow?.window);
  console.log(await appWindow?.isVisible())
  // await appWindow?.show()
}

but encounter some problem:

_WebviewWindow {label: 'tool', listeners: {…}}
POST http://ipc.localhost/plugin%3Awindow%7Cis_visible 400 (Bad Request)
:1420/#/CandleChart:1  Uncaught (in promise) missing Origin header

I am a beginner in the front-end, and I am not sure if it is because tauri is not properly configured or just because of a front-end issue.
I have reviewed the documentation and issue, but did not find any similar issues, so how should I solve them?

[FabianLars]

Could you also post the output of the tauri info command please? Your code looks correct so this is either a bug on our side, or the webview is confused and prints an incorrect error.

[Xiaobaishushu25]

Could you also post the output of the tauri info command please? Your code looks correct so this is either a bug on our side, or the webview is confused and prints an incorrect error.

ok，this is output

[✔] Environment
    - OS: Windows 10.0.19045 X64
    ✔ WebView2: 123.0.2420.81
    ✔ MSVC: Visual Studio Community 2022
    ✔ rustc: 1.77.0 (aedd173a2 2024-03-17)
    ✔ cargo: 1.77.0 (3fe68eabf 2024-02-29)
    ✔ rustup: 1.27.0 (bbb9276d2 2024-03-08)
    ✔ Rust toolchain: stable-x86_64-pc-windows-msvc (default)
    - node: 20.11.1
    - pnpm: 8.15.3
    - yarn: 1.22.19
    - npm: 10.2.4

[-] Packages
    - tauri [RUST]: 2.0.0-beta.14
    - tauri-build [RUST]: 2.0.0-beta.11
    - wry [RUST]: 0.39.0
    - tao [RUST]: 0.27.0
    - tauri-cli [RUST]: 1.4.0
    - @tauri-apps/api [NPM]: 2.0.0-beta.7
    - @tauri-apps/cli [NPM]: 2.0.0-beta.12

[-] App
    - build-type: bundle
    - CSP: unset
    - frontendDist: ../dist
    - devUrl: http://localhost:1420/
    - framework: Vue.js
    - bundler: Vite

[beeequeue]

The IPC requests are failing since they are not sending a Origin header.

From what I can tell it's because of this PR, more specifically this line.

The browser is not sending the header by default for whatever reason, and it's not being explicitly added in the request code

Example request

[Xiaobaishushu25]

The IPC requests are failing since they are not sending a Origin header.

From what I can tell it's because of this PR, more specifically this line.

The browser is not sending the header by default for whatever reason, and it's not being explicitly added in the request code

Example request

emm,It looks a little complicated. So how can I solve this problem，manually sending a Origin header(how can this be achieved)? Do you have any suggestions?Thank you very much for your reply.

[beeequeue]

downgrade your tauri until they fix the bug

[Xiaobaishushu25]

downgrade your tauri until they fix the bug

I tested that both tauri 2.0.0 beta and 2.0.0 alpha cannot function properly. Can we only downgrade to tauri 1.0?

[FabianLars]

Can someone upload a minimal reproduction (this means, reproduce the error in a new app created with create-tauri-app and upload that to github).

Also, do you have a system proxy configured?

[Xiaobaishushu25]

Can someone upload a minimal reproduction (this means, reproduce the error in a new app created with create-tauri-app and upload that to github).

Also, do you have a system proxy configured?

hi,i have identified the cause, beacuse i face the problem:

 xxx from origin 'http://localhost:1420' has been blocked by CORS policy: The 'Access-Control-Allow-Origin' header has a value 'https://echarts.apache.org' that is not equal to the supplied origi

i search the isssue and try many wrokaround but this is effective:tauri-apps/tauri-docs#26 (comment), but the problems encountered above will occur.
If "additionalBrowserArgs": "--disable-web-security" is removed from windows config, the above problem disappeared, but the CORS problem reappeared.
So do you still need a minimal reproduction? How can I solve this series of problems?

[FabianLars]

Ahhh, okay i understand.

For CORS issues we generally recommend using tauri's fetch instead of the browser's one which ignores CORS because it executes the requests on the Rust side. Or if possible, write the rust code yourself.
This is basically required if you need macOS or Linux support because they don't have that browser argument.

---

@lucasfernog tldr: The --disable-web-security flag clashes with this https://github.com/tauri-apps/tauri/pull/9100/files#diff-d6ec24d524b77014e2aa13eec678a5032904ddc820664b1c000866cc006cc71aR403 (or well, the inner Wry logic). Having a fallback is probably unsafe but just forbidding the flag (if tauri's ipc is used) may also not be nice because it's used more often than we'd like, so i don't really know what to do here tbh.

[Xiaobaishushu25]

Ahhh, okay i understand.

For CORS issues we generally recommend using tauri's fetch instead of the browser's one which ignores CORS because it executes the requests on the Rust side. Or if possible, write the rust code yourself. This is basically required if you need macOS or Linux support because they don't have that browser argument.

@lucasfernog tldr: The --disable-web-security flag clashes with this https://github.com/tauri-apps/tauri/pull/9100/files#diff-d6ec24d524b77014e2aa13eec678a5032904ddc820664b1c000866cc006cc71aR403 (or well, the inner Wry logic). Having a fallback is probably unsafe but just forbidding the flag (if tauri's ipc is used) may also not be nice because it's used more often than we'd like, so i don't really know what to do here tbh.

I have tried tauri's fetch, it also face the CORS problem(Or something else, I can't remember clearly? Anyway, it won't work properly), so i have use reqwest to get http data. Now it can work normally. Thanks.