[Webkit-unassigned] [Bug 229034] New: [GTK] Origin is empty when sending fetch/XHR request to servers

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Aug 12 04:39:08 PDT 2021


https://bugs.webkit.org/show_bug.cgi?id=229034

            Bug ID: 229034
           Summary: [GTK] Origin is empty when sending fetch/XHR request
                    to servers
           Product: WebKit
           Version: Other
          Hardware: PC
                OS: Linux
            Status: NEW
          Keywords: Gtk
          Severity: Normal
          Priority: P3
         Component: WebKitGTK
          Assignee: webkit-unassigned at lists.webkit.org
          Reporter: wusyong9104 at gmail.com
                CC: bugs-noreply at webkitgtk.org

I got a weird CORS behavior that if I register a URI scheme, gtk:// for example. If the page is loaded with that URI scheme, and then using fetch or XHR inside that webview to any server that enables CORS, it will got the following errors.

> [Error] Origin  is not allowed by Access-Control-Allow-Origin.
> [Error] Fetch API cannot load http://mockbin.org/bin/123fj399fiv due to access control checks.
> [Error] Failed to load resource: Origin  is not allowed by Access-Control-Allow-Origin.

The origin seems to be empty, not even null. But if I checked in the devtools, the origin will be there (gtk://localhost for example)
Setting Access-Control-Allow-Origin: * will pass, but any others won't(gtk://, gtk://*, gtk://localhost... etc).
Functions webkit_security_manager_register_uri_scheme_as_cors_enabled(security_manager, "gtk") didn't work either.

-- 
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210812/1cce770d/attachment.htm>


More information about the webkit-unassigned mailing list