Closed VanillaMaster closed 1 month ago
nomi-san
commented
1 month ago LCU responds with header Referrer Policy: strict-origin-when-cross-origin.
Then all cross-orgin and cross-scheme (https -> pengu://) requests will be blocked.
Since Chromium v87, there's no way to bypass CORS policy, disabling whole web security is not a good idea.
VanillaMaster
commented
1 month ago @nomi-san as far as i can see, it manageable
virtual bool AddCustomScheme(const CefString& scheme_name, int options) = 0;
nomi-san
commented
1 month ago Yesh, this method allows cross-scheme import, but cant bypass resource requests.
Also tried CefAddCrossOriginWhitelistEntry().
// This function cannot be used to bypass the restrictions on local or display
// isolated schemes. See the comments on CefRegisterCustomScheme for more
// information.@nomi-san it definitely can, i playing around and now at the point where i just not good enough to implement cef_resource_handler_t and i just get crashes, but request doesnt get blocked by cors
https://gist.github.com/VanillaMaster/74392111ffcdb5c31a2b005610c2e7e9
nomi-san
commented
1 month ago Fetch API should not work on non HTTP scheme, even with CEF_SCHEME_OPTION_FETCH_ENABLED.
VanillaMaster
commented
1 month ago but esm imports works fine
VanillaMaster
commented
1 month ago Fetch API should not work on non HTTP scheme, even with
CEF_SCHEME_OPTION_FETCH_ENABLED.
then whats the point of thet option ...
nomi-san
commented
1 month ago In case of switching to custom scheme, what will you do
https://plugins with pengu://plugins, that has no meaninghttps://plugins with plugins://<name> (name is TLD, alias of pkg), you will do more workAnd both cases need to redirect ALL requests that point to https://plugins/. Also exising plugins have used fetch to acquire their resouces will not work.
I will not handle this case.
why use fake domain when it can be custome url scheme (is it even possible)?