Disclosure Statement: This site contains affiliate links, which means that I may receive a commission if you make a purchase using these links. As an eBay Partner, I earn from qualifying purchases.
If you find these projects useful please consider becoming a sponsor with Patreon, GitHub or Liberapay.

change in cors policy

Post Reply
czar
Posts: 4
Joined: Thu Jan 27, 2022 3:47 am

change in cors policy

Post by czar »

The implementation of CORS-RFC1918, has broken the way our app is working.

For reasons we cannot change we launch our legacy software by sending a message to a locahost server. This is software that we use in our business and is not software that runs on peoples private computers.

If I set the following back to disable in Chrome then our system works.

chrome://flags/#block-insecure-private-network-requests


However, I don't know how to make that work in CEF -

Code: Select all

  GlobalCEFApp                  := TCefApplication.Create;
  GlobalCEFApp.DisableWebSecurity := true;
I tried that but it didn't work - I am hoping someone can help otherwise I am not sure what other options we have other can going back to much older CEF build.
Top
User avatar
salvadordf
Posts: 4580
Joined: Thu Feb 02, 2017 12:24 pm
Location: Spain
Contact:
Contact salvadordf

Re: change in cors policy

Post by salvadordf »

Hi,

I don't know how to test this but perhaps these properties will work in your case.

Try adding this line before the GlobalCEFApp.StartMainProcess in the DPR file :

Code: Select all

GlobalCEFApp.DisableFeatures := 'BlockInsecurePrivateNetworkRequests';
Perhaps adding this can help too :

Code: Select all

GlobalCEFApp.AllowInsecureLocalhost := True;
There are several browser preferences that seem to be related to insecure content but let me know if these properties fix this issue.
Top
czar
Posts: 4
Joined: Thu Jan 27, 2022 3:47 am

Re: change in cors policy

Post by czar »

Thank you for your help, that works perfectly.
Top
Post Reply

Return to “General”