Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: disable CORS when webSecurity is disabled #25463

Merged
merged 1 commit into from Sep 16, 2020
Merged

fix: disable CORS when webSecurity is disabled #25463

merged 1 commit into from Sep 16, 2020

Conversation

zcbenz
Copy link
Member

@zcbenz zcbenz commented Sep 15, 2020

Description of Change

Close #23664.

Chromium has moved some web security controls from blink to browser, this PR updates our code to also disable web security in browser.

Checklist

Release Notes

Notes: Fix CORS not being disabled by webSecurity: false.

@electron-cation electron-cation bot added new-pr 🌱 PR opened in the last 24 hours and removed new-pr 🌱 PR opened in the last 24 hours labels Sep 15, 2020
@nornagon nornagon merged commit 993eab6 into master Sep 16, 2020
@release-clerk
Copy link

release-clerk bot commented Sep 16, 2020

Release Notes Persisted

Fix CORS not being disabled by webSecurity: false.

@nornagon nornagon deleted the web-security-disable-cors branch September 16, 2020 21:56
This was referenced Sep 16, 2020
Merged
Merged
Merged
@trop
Copy link
Contributor

trop bot commented Sep 16, 2020

I have automatically backported this PR to "10-x-y", please check out #25503

@trop trop bot removed the target/10-x-y label Sep 16, 2020
@trop
Copy link
Contributor

trop bot commented Sep 16, 2020

I have automatically backported this PR to "11-x-y", please check out #25504

@trop
Copy link
Contributor

trop bot commented Sep 16, 2020

I have automatically backported this PR to "9-x-y", please check out #25505

@schacker
Copy link

mark

@petargyurov petargyurov mentioned this pull request Jan 20, 2021
Open
@vrunhofen
Copy link

I had issues with an older version where cors wasn't being disabled by setting websecurity to false.
I would get a 'sameorigin' error. So, updated to latest electron (npm version 13.1.3) and it still has the same issue.
Now I get a message in the electron console (not window console) saying "Failed to load URL: https://google.com/ with error: ERR_BLOCKED_BY_RESPONSE

@nornagon
Copy link
Member

@vrunhofen please open a new issue with a standalone test case, preferably using Electron Fiddle. Thanks!

Aiz0 added a commit to Aiz0/FreeTube that referenced this pull request Sep 26, 2022
@Aiz0
Remove disable CORS Line. issue is fixed upstream
2e9c734 
issue was fixed in electron/electron#25463

it will now be disabled when with webSecurity: false
@Aiz0 Aiz0 mentioned this pull request Sep 26, 2022
Merged
4 tasks
PrestonN pushed a commit to FreeTubeApp/FreeTube that referenced this pull request Sep 26, 2022
@Aiz0
Remove disable CORS Line. issue is fixed upstream (#2623)
148db55 
issue was fixed in electron/electron#25463

it will now be disabled when with webSecurity: false
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nornagon nornagon nornagon approved these changes

@deepak1556 deepak1556 deepak1556 approved these changes

@MarshallOfSound MarshallOfSound MarshallOfSound approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Electron 9.0.0 webSecurity option no longer disables CORS
6 participants
@zcbenz @schacker @vrunhofen @nornagon @deepak1556 @MarshallOfSound