fix(http): manually set origin header to tauri://localhost (#3210)

Committed via a GitHub action: https://github.com/tauri-apps/plugins-workspace/actions/runs/21007037147 Co-authored-by: FabianLars <FabianLars@users.noreply.github.com>
2026-01-31 00:45:17 +01:00 · 2026-01-14 19:27:11 +00:00
parent b9b2ba0ba0
commit 52728ef0d7
1 changed files with 8 additions and 5 deletions
--- a/src/commands.rs
+++ b/src/commands.rs
@@ -279,7 +279,7 @@ pub async fn fetch<R: Runtime>(

                if headers.contains_key(header::RANGE) {
                    // https://fetch.spec.whatwg.org/#http-network-or-cache-fetch step 18
-                    // If httpRequest’s header list contains `Range`, then append (`Accept-Encoding`, `identity`)
+                    // If httpRequest's header list contains `Range`, then append (`Accept-Encoding`, `identity`)
                    headers.append(header::ACCEPT_ENCODING, HeaderValue::from_str("identity")?);
                }

@@ -290,10 +290,13 @@ pub async fn fetch<R: Runtime>(
                // ensure we have an Origin header set
                if cfg!(not(feature = "unsafe-headers")) || !headers.contains_key(header::ORIGIN) {
                    if let Ok(url) = webview.url() {
-                        headers.append(
-                            header::ORIGIN,
-                            HeaderValue::from_str(&url.origin().ascii_serialization())?,
-                        );
+                        // The url crate returns OpaqueOrigin for tauri://localhost which serializes to "null"
+                        let origin = if url.scheme() == "tauri" {
+                            "tauri://localhost".to_string()
+                        } else {
+                            url.origin().ascii_serialization()
+                        };
+                        headers.append(header::ORIGIN, HeaderValue::from_str(&origin)?);
                    }
                }