- Code: Select all
command_line->AppendSwitch("allow-universal-access-from-files");
command_line->AppendSwitch("allow-file-access-from-files");
In CEF 104 it seems that even with these flags we can load the local content, but cross-site requests are blocked by CORS policy. I've tried adding
- Code: Select all
command_line->AppendSwitch("disable-web-security")
The Request Handling section referenced from #14 on the FAQ says that the correct way to deal with this is to either make a custom scheme, or intercept the requests and set them up as appropriate. So if I'm understanding this correctly, it sounds like the expected workflow is to
- Stop using file://
- Intercept / add scheme
- Update server side to allow access for whatever this new scheme is in Access-Control-Allow-Origin
With regard to the last item, I tried using CefAddCrossOriginWhitelistEntry with my new scheme but this doesn't seem to override what the server says is allowed, so I'm not entirely sure I'm understanding what this function does.
I was able to get my client partially working by using a fake https url that I intercept and return the local file. This made it possible to generate the request and send along the cookies I needed because my fake url matched the expected scheme and domain from the server. I'm happy there is at least this way of doing things - but is there really not a way to force this stuff to work from the client side anymore or am I missing something?
I am mainly curious if this is a more future-proof way to handle this problem or if I am greatly over-complicating this. It seems like security changes are increasingly making it difficult to use this the way we have been for many years, but I guess that is the point.