wailsapp / wails

Create beautiful applications using Go
https://wails.io
MIT License

Support custom HTTP response header for CSP #2766

Open kcmvp opened 1 year ago

kcmvp commented 1 year ago

Description

I am building an app based on https://github.com/rhysd/vim.wasm, which depends on SharedArrayBuffer and Atomics. I ran into the error below, with a CSP exception.

react-dom.development.js:22839 Uncaught ReferenceError: SharedArrayBuffer is not defined
    at new VimWorker (vimwasm.js:1:1638)
    at new VimWasm (vimwasm.js:1:13290)
    at Vim.tsx:74:13
    at commitHookEffectListMount (react-dom.development.js:23150:26)
    at commitPassiveMountOnFiber (react-dom.development.js:24926:13)
    at commitPassiveMountEffects_complete (react-dom.development.js:24891:9)
    at commitPassiveMountEffects_begin (react-dom.development.js:24878:7)
    at commitPassiveMountEffects (react-dom.development.js:24866:3)
    at flushPassiveEffectsImpl (react-dom.development.js:27039:3)

react-native has the same issue, https://github.com/facebook/create-react-app/issues/10210#issuecomment-873286336

It seems the solution works by adding two HTTP response headers:

Cross-Origin-Opener-Policy: same-origin
Cross-Origin-Embedder-Policy: require-corp

How to achieve this in Wails?

To Reproduce

1: create a simple wails app with react-ts template
2: copy source react-vim into the project.
3: run the project get the result.

Expected behaviour

Support custom HTTP response headers.

Screenshots

No response

Attempted Fixes

No response

System Details

# System

OS           | MacOS
Version      | 13.4.1
ID           | 22F82
Go Version   | go1.20rc2
Platform     | darwin
Architecture | amd64

# Wails

Version | v2.5.1

# Dependencies

Dependency                | Package Name | Status    | Version
Xcode command line tools  | N/A          | Installed | 2397
Nodejs                    | N/A          | Installed | 16.17.0
npm                       | N/A          | Installed | 8.15.0
*Xcode                    | N/A          | Installed | 14.3.1 (14E300c)
*upx                      | N/A          | Available |
*nsis                     | N/A          | Available |
* - Optional Dependency

# Diagnosis

Your system is ready for Wails development!
Optional package(s) installation details:
  - upx : Available at https://upx.github.io/
  - nsis : More info at https://wails.io/docs/guides/windows-installer/

Additional context

No response

stffabi commented 1 year ago

Thanks for using Wails and opening this.

You can achieve this by using a custom AssetServer middleware that injects those two headers.

There's also a discord thread that has more information about exactly your use-case: https://discord.com/channels/1042734330029547630/1115379135464874095

kcmvp commented 1 year ago

thank you very much! I will have a try

kcmvp commented 1 year ago

I had a try, but it seems it does not set the response header.

1: set Middleware

AssetServer: &assetserver.Options{
	Assets:     assets,
	Middleware: assetserver.ChainMiddleware(CSP),
},

2: CSP

func CSP(handler http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// https://github.com/rhysd/vim.wasm/issues/45
		w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
		w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
		fmt.Println("def")
		fmt.Println(w.Header().Get("Cross-Origin-Opener-Policy"))
	})
}

Build the project and run it again.

1: In the console I can see the logs "def" and "same-origin", but when I open the front page directly in Chrome (curl -v), I cannot see the HTTP headers. Here is the output:

< HTTP/1.1 200 OK
< Access-Control-Allow-Origin: *
< Content-Type: text/html
< Cache-Control: no-cache
< Etag: W/"249-3dHCE3uxOAj93xphJKZYTUoA54w"
< Date: Tue, 11 Jul 2023 03:08:37 GMT
< Connection: keep-alive
< Keep-Alive: timeout=5
< Content-Length: 585

stffabi commented 1 year ago

> 2: CSP

It seems like your middleware does not call the original handler, it should look like this and call the original handler at the end.

func CSP(handler http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		// https://github.com/rhysd/vim.wasm/issues/45
		w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
		w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
		fmt.Println("def")
		fmt.Println(w.Header().Get("Cross-Origin-Opener-Policy"))
		handler.ServeHTTP(w, r) // Call the original request chain
	})
}

> but I open the front page directly in chrome(curl -v)

Which address and port did you use to do the curl?
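
One way to check such a middleware without depending on which address and port is being curled, as an added example (not code from this thread or from Wails): it sends a request through the middleware in memory with net/http/httptest, using a constructed stand-in for the asset handler. The names CrossOriginIsolation, HeadersOnly and Probe are hypothetical.

```go
package main

import (
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
)

// CrossOriginIsolation (hypothetical name) sets the two headers from this
// thread, then forwards to the wrapped handler so the asset is still served.
func CrossOriginIsolation(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
		w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
		next.ServeHTTP(w, r)
	})
}

// HeadersOnly (hypothetical name) sets the headers but never calls next.
func HeadersOnly(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Cross-Origin-Opener-Policy", "same-origin")
		w.Header().Set("Cross-Origin-Embedder-Policy", "require-corp")
	})
}

// Probe sends one in-memory GET / through mw wrapped around a constructed
// stand-in asset handler and returns the COOP header, COEP header and body.
func Probe(mw func(http.Handler) http.Handler) (coop, coep, body string) {
	assets := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/html")
		io.WriteString(w, "<!doctype html><title>app</title>") // constructed page
	})
	rec := httptest.NewRecorder()
	mw(assets).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, "/", nil))
	res := rec.Result()
	defer res.Body.Close()
	b, _ := io.ReadAll(res.Body)
	return res.Header.Get("Cross-Origin-Opener-Policy"),
		res.Header.Get("Cross-Origin-Embedder-Policy"), string(b)
}

func main() {
	coop, coep, body := Probe(CrossOriginIsolation)
	fmt.Printf("forwarding:   COOP=%q COEP=%q body=%d bytes\n", coop, coep, len(body))
	coop, coep, body = Probe(HeadersOnly)
	fmt.Printf("headers-only: COOP=%q COEP=%q body=%d bytes\n", coop, coep, len(body))
}
```

With `Cross-Origin-Embedder-Policy: require-corp` in place, cross-origin subresources load only if they opt in through CORS or a `Cross-Origin-Resource-Policy` header, so check third-party scripts, fonts and images after enabling it.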