Jayden/AFFiNE-Mirror
1
0
Fork 0
mirror of https://github.com/toeverything/AFFiNE.git synced 2026-02-23 09:17:06 +08:00
Code Issues Packages Projects Releases Wiki Activity

fix(electron): add refer/origin to api requests (#9880)

Browse Source 
related to BS-2181
This commit is contained in:
pengx17
2025-02-02 10:05:02 +00:00
parent a95803d33b
commit 3834699c68
4 changed files with 19 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
packages/frontend/apps/electron/src/main/constants.ts
View File

@@ -1,4 +1,4 @@
export const mainWindowOrigin = process.env.DEV_SERVER_URL || 'file://.';
export const mainWindowOrigin = 'file://.';
export const onboardingViewUrl = `${mainWindowOrigin}${mainWindowOrigin.endsWith('/') ? '' : '/'}onboarding`;
export const shellViewUrl = `${mainWindowOrigin}${mainWindowOrigin.endsWith('/') ? '' : '/'}shell.html`;
export const backgroundWorkerViewUrl = `${mainWindowOrigin}${mainWindowOrigin.endsWith('/') ? '' : '/'}background-worker.html`;

17
packages/frontend/apps/electron/src/main/protocol.ts
View File

@@ -41,10 +41,19 @@ function isNetworkResource(pathname: string) {
}
async function handleFileRequest(request: Request) {
const urlObject = new URL(request.url);
// Redirect to webpack dev server if defined
if (process.env.DEV_SERVER_URL) {
const devServerUrl = new URL(
urlObject.pathname,
process.env.DEV_SERVER_URL
);
return net.fetch(devServerUrl.toString(), request);
}
const clonedRequest = Object.assign(request.clone(), {
bypassCustomProtocolHandlers: true,
});
const urlObject = new URL(request.url);
// this will be file types (in the web-static folder)
let filepath = '';
// if is a file type, load the file in resources
@@ -181,6 +190,12 @@ export function registerProtocol() {
.join('; ');
delete details.requestHeaders['cookie'];
details.requestHeaders['Cookie'] = cookieString;
// mitigate the issue of the worker not being able to access the origin
if (isNetworkResource(pathname)) {
details.requestHeaders['origin'] = url.origin;
details.requestHeaders['referer'] = url.origin;
}
}
})()
.catch(err => {

7
packages/frontend/apps/electron/src/main/security-restrictions.ts
View File

@@ -2,12 +2,7 @@ import { app, shell } from 'electron';
app.on('web-contents-created', (_, contents) => {
const isInternalUrl = (url: string) => {
return (
(process.env.DEV_SERVER_URL &&
url.startsWith(process.env.DEV_SERVER_URL)) ||
url.startsWith('affine://') ||
url.startsWith('file://.')
);
return url.startsWith('file://.');
};
/**
* Block navigation to origins not on the allowlist.