Closed VanillaMaster closed 1 month ago
LCU responds with header Referrer Policy: strict-origin-when-cross-origin
.
Then all cross-orgin and cross-scheme (https
-> pengu://
) requests will be blocked.
Since Chromium v87, there's no way to bypass CORS policy, disabling whole web security is not a good idea.
@nomi-san as far as i can see, it manageable
virtual bool AddCustomScheme(const CefString& scheme_name, int options) = 0;
Yesh, this method allows cross-scheme import
, but cant bypass resource requests.
Also tried CefAddCrossOriginWhitelistEntry()
.
// This function cannot be used to bypass the restrictions on local or display
// isolated schemes. See the comments on CefRegisterCustomScheme for more
// information.
@nomi-san it definitely can, i playing around and now at the point where i just not good enough to implement cef_resource_handler_t
and i just get crashes, but request doesnt get blocked by cors
https://gist.github.com/VanillaMaster/74392111ffcdb5c31a2b005610c2e7e9
Fetch API should not work on non HTTP scheme, even with CEF_SCHEME_OPTION_FETCH_ENABLED
.
but esm imports works fine
Fetch API should not work on non HTTP scheme, even with
CEF_SCHEME_OPTION_FETCH_ENABLED
.
then whats the point of thet option ...
In case of switching to custom scheme, what will you do
https://plugins
with pengu://plugins
, that has no meaninghttps://plugins
with plugins://<name>
(name is TLD, alias of pkg), you will do more workAnd both cases need to redirect ALL requests that point to https://plugins/
. Also exising plugins have used fetch to acquire their resouces will not work.
I will not handle this case.
why use fake domain when it can be custome url scheme (is it even possible)?