Open Canvinus opened 10 months ago
bos-loader due to mixed content (HTTP within HTTPS)

The problem I've encountered isn't related to CORS. Instead, it stems from Safari's stringent security measures, which differ significantly from most other browsers. Specifically, bos-loader is hosted over HTTP, and when we bind it to near.org (which uses an SSL certificate), Safari refuses to fetch the data. This is due to a security concern where the TLS connection downgrades to HTTP.
I managed to find a workaround, although I'm uncertain about its long-term viability. I self-signed the certificates and hosted the warp with TLS. After this adjustment, everything started functioning correctly in Safari.
Thanks for the detailed report!
I recommend anyone dealing with this use ngrok, which will give you an SSL endpoint:
ngrok http 3030
You can also set up an ngrok configuration file if you would like a consistent ngrok URL instead of a new randomly generated one each time you run it. I will create an issue for documenting this further in the README.
⚠️ Be aware that ngrok endpoints are accessible to the open internet. This can also be used to your advantage to run bos-loader on one machine and load components on another (e.g. mobile).
Originally posted by @Canvinus in https://github.com/near/bos-loader/issues/5#issuecomment-1697173620
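The mixed-content decision discussed in this thread, as an added example that is not part of the original issue or of bos-loader: it classifies candidate loader URLs for a page served from https://near.org. Port 3030 comes from the thread; the hostnames, the LAN address and the `trustLoopback` flag (which models whether a browser exempts plain-HTTP loopback addresses) are assumptions of this sketch.

```javascript
// Added example: models a browser's mixed-content check for fetch() requests.
// Port 3030 is from the thread; every hostname and address is constructed.

// Loopback hosts, following the Secure Contexts idea of "potentially trustworthy".
function isLoopback(hostname) {
  const h = hostname.replace(/^\[|\]$/g, "").toLowerCase(); // strip IPv6 brackets
  return h === "localhost" || h.endsWith(".localhost") ||
         h === "::1" || /^127(\.\d{1,3}){3}$/.test(h);
}

// Returns "allowed" or "blocked" for a fetch from pageUrl to resourceUrl.
// trustLoopback (assumption): true models a browser that exempts http://localhost,
// false models the strict behaviour reported in this thread.
function mixedContentVerdict(pageUrl, resourceUrl, { trustLoopback }) {
  const page = new URL(pageUrl);
  const res = new URL(resourceUrl, page);
  if (page.protocol !== "https:") return "allowed"; // rule only applies to secure pages
  if (res.protocol === "https:" || res.protocol === "wss:") return "allowed";
  if (trustLoopback && isLoopback(res.hostname)) return "allowed";
  return "blocked"; // plain HTTP fetched from an HTTPS page
}

// Evaluates each candidate loader URL under both browser models.
function checkLoaderUrls(pageUrl, urls) {
  return urls.map((url) => ({
    url,
    strict: mixedContentVerdict(pageUrl, url, { trustLoopback: false }),
    lenient: mixedContentVerdict(pageUrl, url, { trustLoopback: true }),
  }));
}

// Constructed candidates: plain HTTP loader, IPv6 loopback, TLS with a
// self-signed certificate, an HTTPS tunnel endpoint, and a LAN address.
const CANDIDATES = [
  "http://127.0.0.1:3030",
  "http://[::1]:3030",
  "https://127.0.0.1:3030",
  "https://tunnel.example",
  "http://192.168.1.20:3030",
];

const RESULTS = checkLoaderUrls("https://near.org/", CANDIDATES);
for (const r of RESULTS) {
  console.log(`${r.url.padEnd(28)} strict=${r.strict} lenient=${r.lenient}`);
}
```

An "allowed" verdict for an `https:` URL only means the request passes the mixed-content check; with a self-signed certificate the browser must still be told to trust that certificate before the TLS handshake succeeds.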