Chromium Embedded Framework Forum

[magreenblatt]

If your intent is to make requests to other origins then you should use `CEF_SCHEME_OPTION_STANDARD | CEF_SCHEME_OPTION_SECURE | CEF_SCHEME_OPTION_CORS_ENABLED | CEF_SCHEME_OPTION_FETCH_ENABLED`. This is the closest that you can get to the behavior of HTTPS without actually using HTTPS (which is something you might want to consider, because some things still won't work with a custom scheme). See the documentation on those flags.

[Stynson]

My problem is that I am getting this message when I am using my custom scheme:

Code: Select all

Refused to display 'https://myapidomain.com' in a frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors https://mywebdomain.com

The strange thing for me is that I specified this flag when created my custom scheme: CEF_SCHEME_OPTION_CSP_BYPASSING

Isn't it supposed to bypass these kind of CSP checks?

[magreenblatt]

The strange thing for me is that I specified this flag when created my custom scheme: CEF_SCHEME_OPTION_CSP_BYPASSING

Isn't it supposed to bypass these kind of CSP checks?

It might bypass CSP checks for other origins trying to load your custom scheme, but it won't bypass CSP checks that apply when loading content from the HTTPS scheme. You can try CefAddCrossOriginWhitelistEntry, or add/remove the CSP-related header values directly using CefResourceRequestHandler callbacks. See documentation on those methods for usage.

[Stynson]

That make sense I will check the mentioned things.

Also I have issues with localStorage/sessionStorage when using the same custom scheme.

Code: Select all

VM1915:1 Uncaught DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.

[magreenblatt]

That make sense I will check the mentioned things.

Also I have issues with localStorage/sessionStorage when using the same custom scheme.

Code: Select all

VM1915:1 Uncaught DOMException: Failed to read the 'sessionStorage' property from 'Window': Access is denied for this document.

As mentioned above, some things only work when using http/https schemes (requests for which can also be handled inside the client). This is likely one of those things.

[Stynson]

It worked for me with custom scheme with older ( ~2years old ) CEF versions.

So could be the case that it no longer supported?

What else can I use to access local files through a custom filesystem?

Perhaps I should use file:/// scheme with a custom scheme handler?

[magreenblatt]

Use the https scheme. It can be intercepted/handled the same way as a custom scheme. See https://bitbucket.org/chromiumembedded/ ... t-handling