tauri-apps / tauri

Build smaller, faster, and more secure desktop and mobile applications with a web frontend.
https://tauri.app
Apache License 2.0

External requests fails on linux #1836

Closed crobibero closed 3 years ago

crobibero commented 3 years ago

Describe the bug

Attempting to hit an external API fails on Linux (PopOS), works fine on Windows. Works fine on Linux in dev mode.

To Reproduce

Repo: https://github.com/crobibero/jellyfin-vue/tree/tauri

Steps to reproduce the behavior:

  1. git clone https://github.com/crobibero/jellyfin-vue.git
  2. npm i
  3. npm run tauri build -- --debug
  4. Run compiled release
  5. Attempt to access demo Jellyfin server at https://demo.jellyfin.org/stable
     a. The demo server is reset on the hour, so please be aware if testing :)
  6. Observe in JS console: Failed to load resource: WebKit encountered an internal error

Expected behavior

API should be accessed, should prompt user for username and password.

Screenshots

If applicable, add screenshots to help explain your problem.

Platform and Versions (please complete the following information):

OS: Pop!_OS, version 20.10 X64
Node: 14.61.1
NPM: 6.14.12
Yarn: --
Rustc: 1.51.0

Additional context

Same build steps work fine on Windows.

Stack Trace

None generated

lucasfernog commented 3 years ago

Your repo doesn't exist anymore :(

crobibero commented 3 years ago

Ah I knew I was keeping the repo around for a reason! I've added it back and verified that the issue still exists.

lucasfernog commented 3 years ago

Seems like that's a CORS issue. The tauri://localhost domain is not allowed on the jellyfin server, so the console shows a Network error followed by the WebKit error.

You can see the CORS error when running the following fetch call:

fetch('https://demo.jellyfin.org/stable/System/Info/Public').then(console.log)

crobibero commented 3 years ago

I just got back to attempting this again, and I'm still having a CORS issue. When I make the request using Insomnia I can see the response headers being:

date: Mon, 21 Jun 2021 22:58:27 GMT
content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-origin: *
x-response-time-ms: 2
x-xss-protection: 1;mode=block
referrer-policy: no-referrer,same-origin,strict-origin,strict-origin-when-cross-origin
x-content-type-options: nosniff
strict-transport-security: max-age=31536000;includeSubDomains;preload

To me this means that any origin is allowed, so I don't think this is actually a CORS issue? I also attempted to make a request to https://webhook.site using the same method mentioned

fetch('https://webhook.site/56cad845-c0a9-40cd-9b46-eb9a9553a9f5').then(console.log)

and also get a CORS issue there, where CORS isn't even being enforced.

Response headers when using Insomnia:

Server: nginx/1.14.2
Content-Type: text/plain; charset=UTF-8
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Request-Id: 2c0c2c93-219a-4810-9793-b70ca08b5195
X-Token-Id: 56cad845-c0a9-40cd-9b46-eb9a9553a9f5
Cache-Control: no-cache, private
Date: Mon, 21 Jun 2021 23:01:25 GMT
Set-Cookie: laravel_session=R8rXJqZakRCbylL0tJSHuyT7Ry02Vfb6mvgCpwO5; expires=Tue, 22-Jun-2021 01:01:25 GMT; Max-Age=7200; path=/; httponly

crobibero commented 3 years ago

Additionally, when making the request as fetch('https://demo.jellyfin.org/stable/System/Info/Public').then(console.log) on Windows, the request headers are:

:authority: demo.jellyfin.org
:method: GET
:path: /stable/System/Info/Public
:scheme: https
accept: */*
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
origin: https://custom-protocol-taurilocalhost
referer: https://custom-protocol-taurilocalhost/
sec-ch-ua: " Not;A Brand";v="99", "Microsoft Edge";v="91", "Chromium";v="91"
sec-ch-ua-mobile: ?0
sec-fetch-dest: empty
sec-fetch-mode: cors
sec-fetch-site: cross-site
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.114 Safari/537.36 Edg/91.0.864.54

On Linux the request headers are:

Origin: tauri://localhost
Accept: */*
User-Agent: Mozila/5.0 (X11; Ubuntu; Linux x86_64) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0 Safari/605.1.15

I'm no CORS expert by any stretch, but I think the server doesn't like the custom protocol (tauri://). Is it possible to change the Origin?
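
Added example (not part of the original thread and not Tauri or WebKit code): the Fetch standard's CORS check, run over the response headers and the two webview origins quoted in the comments above. The helper names `parseHeaders` and `corsCheck` and the `pinned` header set are assumptions made for illustration.

```javascript
// Added example: the Fetch standard's "CORS check" applied to headers quoted in this thread.
// parseHeaders and corsCheck are hypothetical helper names, not a Tauri or WebKit API.

// Parse a pasted "name: value" block into a Map keyed by lowercase header name.
// Repeated headers are combined with ", ", as a browser's header list does.
function parseHeaders(raw) {
  const headers = new Map();
  for (const line of raw.split('\n')) {
    const idx = line.indexOf(':', 1); // start at 1 so HTTP/2 pseudo-headers (":method") survive
    if (idx < 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    const value = line.slice(idx + 1).trim();
    headers.set(name, headers.has(name) ? `${headers.get(name)}, ${value}` : value);
  }
  return headers;
}

// Returns { ok, reason } for a cross-origin response to a request sent from `origin`.
function corsCheck(origin, headers, credentials = false) {
  const allow = headers.get('access-control-allow-origin');
  if (allow === undefined) return { ok: false, reason: 'no Access-Control-Allow-Origin header' };
  if (!credentials && allow === '*') return { ok: true, reason: 'wildcard' };
  if (allow !== origin) return { ok: false, reason: `"${allow}" does not match "${origin}"` };
  if (!credentials) return { ok: true, reason: 'origin match' };
  return headers.get('access-control-allow-credentials') === 'true'
    ? { ok: true, reason: 'origin match with credentials' }
    : { ok: false, reason: 'credentials not allowed' };
}

// Response headers as quoted in the thread (subset).
const jellyfin = parseHeaders(`content-type: application/json; charset=utf-8
server: Kestrel
access-control-allow-origin: *`);
const webhook = parseHeaders(`Server: nginx/1.14.2
Content-Type: text/plain; charset=UTF-8
Vary: Accept-Encoding`);
// Constructed: a server that allows only the Windows webview origin.
const pinned = parseHeaders('Access-Control-Allow-Origin: https://custom-protocol-taurilocalhost');

for (const [label, h] of [['jellyfin', jellyfin], ['webhook.site', webhook], ['pinned', pinned]]) {
  for (const origin of ['tauri://localhost', 'https://custom-protocol-taurilocalhost']) {
    const r = corsCheck(origin, h);
    console.log(`${label} <- ${origin}: ${r.ok ? 'pass' : 'blocked'} (${r.reason})`);
  }
}
```

A REST client does not run this check, and it sends no Origin header, so the headers a webview actually receives should be confirmed in the webview's own network inspector.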

cestef commented 3 years ago

Getting the same error.

tauri info:

Operating System - Manjaro, version 21.1.0 X64

Node.js environment
  Node.js - 16.4.2
  @tauri-apps/cli - 1.0.0-beta.6
  @tauri-apps/api - 1.0.0-beta.5

Global packages
  npm - 7.17.0
  yarn - 1.22.10

Rust environment
  rustc - 1.53.0
  cargo - 1.53.0

App directory structure
/src
/s3
/.git
/amplify
/public
/src-tauri
/node_modules
/build
/.vscode

App
  tauri.rs - 1.0.0-beta.5
  build-type - bundle
  CSP - default-src blob: data: filesystem: ws: wss: http: https: tauri: 'unsafe-eval' 'unsafe-inline' 'self' img-src: 'self'
  distDir - ../build
  devPath - http://localhost:3000
  framework - React

Happens on the AppImage bundle on Manjaro.