near
Compatibility with Safari
Now have CORS issues only in safari (Version 16.6). In chromium browsers works just fine!
Originally posted by @Canvinus in https://github.com/near/bos-loader/issues/5#issuecomment-1697173620
Issue: Safari refuses to fetch data from bos-loader due to mixed content (HTTP within HTTPS)
Description:
The problem I've encountered isn't related to CORS. Instead, it stems from Safari's stringent security measures, which differ significantly from most other browsers. Specifically, bos-loader is hosted over HTTP, and when we bind it to near.org (which uses an SSL certificate), Safari refuses to fetch the data. This is due to a security concern where the TLS connection downgrades to HTTP.
Temporary Solution:
I managed to find a workaround, although I'm uncertain about its long-term viability. I self-signed the certificates and hosted the warp with TLS. After this adjustment, everything started functioning correctly in Safari.
thanks for the detailed report!
I recommend anyone deal with this use ngrok which will give you an SSL endpoint
- run bos-loader
- run
ngrok http 3030 - copy the generated https endpoint and use that on near.org/flags
You can also set up an ngrok configuration file if you would like a consistent ngrok URL instead of a new randomly generated one each time you run it. I will create an issue for documenting this further in the README
⚠️ Be aware that ngrok endpoints are accessible to the open internet. This can also be used to your advantage to run bos-loader on one machine and load components on another (e.g. mobile)
