fix(http): manually set origin header to tauri://localhost (#3210)

2026-01-31 00:45:24 +01:00 · 2026-01-14 20:26:17 +01:00
parent d7a0bb325d
commit b1dbee2c55
2 changed files with 14 additions and 5 deletions
--- a/.changes/fix-http-origin.md
+++ b/.changes/fix-http-origin.md
@@ -0,0 +1,6 @@
+---
+http: patch
+http-js: patch
+---
+
+Fixed an issue that caused the Origin header to always be `null` on macOS, iOS and Linux.
--- a/plugins/http/src/commands.rs
+++ b/plugins/http/src/commands.rs
@@ -279,7 +279,7 @@ pub async fn fetch<R: Runtime>(

                if headers.contains_key(header::RANGE) {
                    // https://fetch.spec.whatwg.org/#http-network-or-cache-fetch step 18
-                    // If httpRequest’s header list contains `Range`, then append (`Accept-Encoding`, `identity`)
+                    // If httpRequest's header list contains `Range`, then append (`Accept-Encoding`, `identity`)
                    headers.append(header::ACCEPT_ENCODING, HeaderValue::from_str("identity")?);
                }

@@ -290,10 +290,13 @@ pub async fn fetch<R: Runtime>(
                // ensure we have an Origin header set
                if cfg!(not(feature = "unsafe-headers")) || !headers.contains_key(header::ORIGIN) {
                    if let Ok(url) = webview.url() {
-                        headers.append(
-                            header::ORIGIN,
-                            HeaderValue::from_str(&url.origin().ascii_serialization())?,
-                        );
+                        // The url crate returns OpaqueOrigin for tauri://localhost which serializes to "null"
+                        let origin = if url.scheme() == "tauri" {
+                            "tauri://localhost".to_string()
+                        } else {
+                            url.origin().ascii_serialization()
+                        };
+                        headers.append(header::ORIGIN, HeaderValue::from_str(&origin)?);
                    }
                }