near / bos-loader

MIT License

Compatibility with Safari #9

Open Canvinus opened 10 months ago

Canvinus commented 10 months ago
Now I have CORS issues only in Safari (Version 16.6). In Chromium browsers it works just fine!

Originally posted by @Canvinus in https://github.com/near/bos-loader/issues/5#issuecomment-1697173620

Canvinus commented 10 months ago

Issue: Safari refuses to fetch data from bos-loader due to mixed content (HTTP within HTTPS)

Description:

The problem I've encountered isn't related to CORS. Instead, it stems from Safari's stringent security measures, which differ significantly from most other browsers. Specifically, bos-loader is hosted over HTTP, and when we bind it to near.org (which uses an SSL certificate), Safari refuses to fetch the data. This is due to a security concern where the TLS connection downgrades to HTTP.

Temporary Solution:

I managed to find a workaround, although I'm uncertain about its long-term viability. I self-signed the certificates and hosted the warp with TLS. After this adjustment, everything started functioning correctly in Safari.

mpeterdev commented 10 months ago

Thanks for the detailed report!

I recommend anyone dealing with this use ngrok, which will give you an SSL endpoint:

  1. run bos-loader
  2. run ngrok http 3030
  3. copy the generated https endpoint and use that on near.org/flags

You can also set up an ngrok configuration file if you would like a consistent ngrok URL instead of a new randomly generated one each time you run it. I will create an issue for documenting this further in the README.

⚠️ Be aware that ngrok endpoints are accessible to the open internet. This can also be used to your advantage to run bos-loader on one machine and load components on another (e.g. mobile)
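
The mixed-content rule behind this thread, as an added JavaScript example that is not part of the issue or of bos-loader: it classifies a loader URL as seen from an HTTPS page. The loopback address `http://127.0.0.1:3030`, the placeholder `https://loader.example` standing in for an ngrok endpoint, and the `loopbackExempt` switch are assumptions; with the switch off, the result matches the outcome reported above for Safari 16.6.

```javascript
// Added example (not bos-loader code). A fetch from an HTTPS page to a plain
// HTTP URL is mixed content unless the target origin is "potentially
// trustworthy"; the W3C Secure Contexts spec puts loopback hosts in that set.
// loopbackExempt=false is an assumption modelling a browser that does not
// apply that exemption.

function isLoopbackHost(hostname) {
  const h = hostname.toLowerCase().replace(/\.$/, "");
  if (h === "localhost" || h.endsWith(".localhost") || h === "[::1]") return true;
  // new URL() has already normalised IPv4 forms such as 127.1 to dotted decimal.
  return /^127\.\d{1,3}\.\d{1,3}\.\d{1,3}$/.test(h);
}

function classifyLoaderFetch(pageUrl, loaderUrl, { loopbackExempt = true } = {}) {
  const page = new URL(pageUrl);
  const loader = new URL(loaderUrl);
  // "network" means the loader is reachable beyond this machine.
  const exposure = isLoopbackHost(loader.hostname) ? "local" : "network";

  if (page.protocol !== "https:") {
    return { blocked: false, exposure, reason: "page is not HTTPS, so mixed-content blocking does not apply" };
  }
  if (loader.protocol === "https:") {
    return { blocked: false, exposure, reason: "loader is served over TLS" };
  }
  if (loopbackExempt && loader.protocol === "http:" && exposure === "local") {
    return { blocked: false, exposure, reason: "plain HTTP, but loopback is treated as trustworthy" };
  }
  return { blocked: true, exposure, reason: "insecure request from an HTTPS page (mixed content)" };
}

// Constructed sample inputs; only near.org and port 3030 come from the thread.
const PAGE = "https://near.org/flags";
const SAMPLES = [
  ["http://127.0.0.1:3030", {}],                        // exemption applied
  ["http://127.0.0.1:3030", { loopbackExempt: false }], // exemption not applied
  ["https://localhost:3030", { loopbackExempt: false }], // self-signed TLS workaround
  ["https://loader.example", { loopbackExempt: false }], // placeholder for a tunnel URL
];

function report() {
  return SAMPLES.map(([url, opts]) => ({ url, ...classifyLoaderFetch(PAGE, url, opts) }));
}

for (const r of report()) console.log(r.url, r.blocked ? "BLOCKED" : "allowed", r.exposure, "-", r.reason);
```

The `exposure` field separates the two HTTPS fixes: the self-signed local listener stays on the machine, while a tunnel URL passes the mixed-content check but is reachable from the network.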