CORS errors when loading assets #348
Comments
If we're just talking about CORS, I think it won't be possible.
I see. The files are in the filesystem, so I'd have to hack together a localhost listener to serve them...
Custom protocol is usually used for loading assets within a certain data directory.
This whole issue is because CORS doesn't support custom protocols.
In macOS there is a private API, but not sure it's something we want to include. https://trac.webkit.org/browser/trunk/Source/WebKit/mac/WebView/WebPreferences.mm?rev=111350#L1011
Looks like IONIC had to boot a local HTTP server :/ https://docs.google.com/document/d/19VQ-n7hGr9IDPPstQqU8_8WgqUh7R6sgQfL2neoT-Xw/edit
@nullchinchilla We would like to look into this issue. Maybe it's only affected on certain platforms. (Windows, for example)
Here is a minimal test case: https://github.com/raguay/TestIt This example shows the problem I'm having with CORS. A similar situation works for NW.js and Electron on the Mac.
BTW: I'm on a MacBook Pro M1 system with the latest Big Sur OS.
Well, my opinion here is that CORS exists in browsers to prevent unauthorised access. If you are using something like window.fetch, I would expect it not to work if your service requires it (e.g. using helmet within some kind of express server). My recommendation is to use tauri's
Just use the http api from tauri here:

```js
import { fetch } from "@tauri-apps/api/http";
// or, with `withGlobalTauri: true` in tauri.conf.json, use this instead of the import:
// const { fetch } = window.__TAURI__.http;

function getMessage() {
  fetch("http://localhost:9878/api/", {
    method: "get",
    headers: { "Content-type": "application/json" }
  }).then(data => {
    return data.text();
  }).then(data => {
    console.log(data);
  });
}
```
Okay, that does work. I didn't know about that API. I guess I need to study the API more. Thanks for the pointer.
Closing this with the solution above. Note that CORS can still be solved by backend servers handling it properly.
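
Added example (not code from this thread or from the wry/Tauri projects): one way a backend can handle CORS itself, answering the preflight that a webview `window.fetch` with a `Content-type: application/json` header triggers and echoing only allowlisted origins instead of `*`. The allowlist entry and the function names are assumptions; whether the webview sends a matchable `Origin` for a custom protocol is the open question of this issue and is not settled here.

```javascript
// Added example. ALLOWED_ORIGINS holds a hypothetical dev origin; replace with your own.
const ALLOWED_ORIGINS = new Set(["http://localhost:3000"]);
const ALLOWED_METHODS = ["GET", "POST"];
const ALLOWED_HEADERS = ["content-type"]; // compared lower-cased

// Decide status and CORS headers for one request.
// reqHeaders uses lower-cased keys, as Node's req.headers does.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders["origin"];
  // Vary: Origin keeps caches from reusing a response across origins.
  const base = { Vary: "Origin" };
  // No Origin header: non-browser client or same-origin GET, no CORS headers needed.
  if (!origin) return { status: 200, headers: base, preflight: false };
  // Unknown origin: refuse and send no Access-Control-* headers at all.
  if (!ALLOWED_ORIGINS.has(origin)) return { status: 403, headers: base, preflight: false };

  const allowed = { ...base, "Access-Control-Allow-Origin": origin };
  const wantedMethod = reqHeaders["access-control-request-method"];
  if (method !== "OPTIONS" || !wantedMethod) {
    return { status: 200, headers: allowed, preflight: false }; // the actual request
  }

  // Preflight: every requested method and header must be on the allowlist.
  const wantedHeaders = (reqHeaders["access-control-request-headers"] || "")
    .split(",").map(h => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantedMethod) &&
    wantedHeaders.every(h => ALLOWED_HEADERS.includes(h));
  if (!ok) return { status: 403, headers: base, preflight: true };

  allowed["Access-Control-Allow-Methods"] = ALLOWED_METHODS.join(", ");
  allowed["Access-Control-Allow-Headers"] = ALLOWED_HEADERS.join(", ");
  allowed["Access-Control-Max-Age"] = "600";
  return { status: 204, headers: allowed, preflight: true };
}

// Request listener for Node's http module, e.g.
//   require("http").createServer(handler).listen(9878, "127.0.0.1");
function handler(req, res) {
  const d = corsDecision(req.method, req.headers);
  if (d.preflight || d.status !== 200) {
    res.writeHead(d.status, d.headers);
    return res.end();
  }
  res.writeHead(200, { ...d.headers, "Content-Type": "application/json" });
  res.end(JSON.stringify({ message: "hello" }));
}
```
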
Is there any way to disable CORS in the webview?
To avoid an X-Y problem: I am loading local JS/HTML files with a custom protocol `wry://`. These JS files then talk to a backend service that I control.
The problem is, neither setting `Access-Control-Allow-Origin: *` nor `Access-Control-Allow-Origin: wry://` work on the server, because it seems like the webview hardcodes https and http URL as the only kind of CORS origin. Can CORS just be turned off completely?
Or is there a way of loading local JS/HTML files with a host that can be matched against by `Access-Control-Allow-Origin`?