Rank: Newbie Groups: Member
Joined: 11/3/2020 Posts: 1
|
Hi!
I am working on a project where I need the browser to be able to open local file links.
This is possible if I set the EnableWebSecurity to false but that will cause another problem which can be seen by running the code below:
InitializeComponent(); webView1.SetOptions(new BrowserOptions { EnableWebSecurity = false }); EO.WebBrowser.WebView.ShowDebugUI(); webView1.Url = MyUrl;
If I run this with EnableWebSecurity=true and comparing it to when EnableWebSecurity=false I see that when EnableWebSecurity is set to false the "Origin" header is no longer on the request and the access-control-allow headers are stripped from the response which will cause problems for my application.
So this does not seem to be the way to solve the problem with opening local file links.
Does anyone know how to accomplish that?
Janne
|
Rank: Administration Groups: Administration
Joined: 5/27/2007 Posts: 24,217
|
Hi,
You do not need to set EnableWebSecurity just to open a local file Url. However you do need to try to access local files when the current Url comes from a less trusted zone. An obvious example for this case is JavaScript code in a page from the Internet won't be able to access any local file. And you can expect, this is an important and necessary security measure in this case. As such turning it off could no doubt introduce other problems.
I do not know exactly how you use local file Urls. However a common workaround for local file is to use custom resource handler to convert local file Url to an Internet Url. So for example, instead of accessing "c:/very/important.jpg", you can use a fake Url "http://www.myfakeserver.com/c/very/important.jpg". Here "myfakeserver.com" is a non-existing server and you can replace it with whatever you want. You would then use custom resource handler to intercept this Url and server the contents from your local file system. The main benefit of this approach is that you will not be turning off any security rules.
Thanks!
|