You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The WebKit used by MacOS defaults to prevent any cookie cross-site-tracking. This prevents the desktop app to access a self hosted backend in non-dev enviroments. This is due to the fact that the tauri://localhost is first-class site and the backend ist hosted somewhere else. On Windows the WebKit does not have this issue but is marked for soon deprecation. The DevTools already point this out with a warning message.
Steps to reproduce
Build the desktop app on MacOs with self hosted backend.
Environment
Production
Version
Self-hosted
The text was updated successfully, but these errors were encountered:
I dived quite deeply into this topic and learned a lot about what is really going on here. I have some solutions implemented with different security impacts. I am quite unsure about which way is planed for hoppscotch.
My current suggestion:
Implement different auth for windows and macos
1.) MacOs: use localstorage + JWT Bearer in Auth header. . This could be considered to be safe as in MacOs Webkit the localstorage is partioned and only accessable for the page who created the entry.
2.) Windows: use new partioned cookies as recommened by google as the localstorage will be not partioned.
This is working seemless on my fork.
I would like to talk to someone about all this before creating a PR.
Hi @mkohns , we're actively working on this issue. We expect it to be resolved by the end of the month with the upcoming release of our revamped desktop app.
Hey @AndrewBastin nice to meet you!
Cool to hear that you are making revamping enhancements to the desktop app.
I also played around with the tauri + backend to get JWT Bearer working instead of cookies for Mac.
Could you give me some hints which major changes you are planning to do?
Is there an existing issue for this?
Current behavior
The WebKit used by MacOS defaults to prevent any cookie cross-site-tracking. This prevents the desktop app to access a self hosted backend in non-dev enviroments. This is due to the fact that the tauri://localhost is first-class site and the backend ist hosted somewhere else. On Windows the WebKit does not have this issue but is marked for soon deprecation. The DevTools already point this out with a warning message.
Steps to reproduce
Build the desktop app on MacOs with self hosted backend.
Environment
Production
Version
Self-hosted
The text was updated successfully, but these errors were encountered: