'Electron How to avoid CORS-RFC1918 (private network)?
Electron v17, which has chromium v98
My BrowserWindow uses loadURL, and the web page loaded calls api from another host. I cannot modify the web. The web works fine in normal browser like chrome(version 98), though it requires a little cross origin settings for chrome to work.
How can I make electron to avoid the cors policy ?
Here are the methods I've tried. All together, not one by one.
- webSecurity: false
- app.commandLine.appendSwitch('disable-features', 'OutOfBlinkCors')
- app.commandLine.appendSwitch('disable-site-isolation-trials')
- onBeforeSendHeaders, requestHeaders, add "Origin", "Access-Control-Request-Method", "Access-Control-Request-Private-Network"
- onHeadersReceived, responseHeaders, add "Access-Control-Allow-Origin", "Access-Control-Allow-Private-Network"
Here is the error in the console of electron.
Access to XMLHttpRequest at 'http://xxxxxx.com' from origin 'http://yyyyyyy.com' has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space `private`.
Once I adding the code below, it shows another error
- app.commandLine.appendSwitch('disable-features', 'BlockInsecurePrivateNetworkRequests')
The error changes to
Access to XMLHttpRequest at 'http://xxxxxx.com' from origin 'http://yyyyyyy.com' has been blocked by CORS policy: Request had no target IP address space, yet the resource is in address space `private`.
Solution 1:[1]
Well, finally I made a localhost server to serve the web. Then there is no such request which is called from a 'public' url and ask a 'private' url for response.
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | chyj4747 |