0

I want to disable same-origin policy in cefpython while using pywebview. I tried below code according to this page:

from webview.platforms.cef import command_line_switches

command_line_switches.update({
     'disable_web_security': 'True' }) # if i try to put a bool as value, it shows expected bytes, not bool

if __name__ == "__main__":
   webview.create_window('', url='http://localhost:5000/')
   webview.start(gui='cef')

But this doesn't seem to solve the problem. I have an iframe of a different origin where I want to trigger a click event. If the security is enabled then it will throw an error with the same-origin policy message. Am I missing something? How can I solve this?

Amin Pial
  • 383
  • 6
  • 12

1 Answers1

0

Cefpython browser settings

Not even the debug with cef is working, I cannot even load an image in pywebview without start a local server!!! I will switch to pyqt

UPDATE

It is a server side security, not a browser security!

edif
  • 105
  • 1
  • 9
  • Can you give more info? Do you still have errors? Give a shout if you still experience some problems... – edif Feb 13 '21 at 00:08
  • Hi, yes i am still experiencing the problem with disabling the same-origin policy. I tried with switch key in settings of cefpython and others but didn't really work. And also you can load an image without a local server. Please check the examples directory of the pywebview repository on GitHub. You can directly run an HTML/CSS/js in the window without needing a local server. Sure, You can switch to Pyqt but don't forget that you will miss the flexibility of using front end web techs to build UI & UX. Pywebview/eel is just a light python version of electron.js. – Amin Pial Feb 13 '21 at 05:26
  • Do you own that origin or is a page from someone else? – edif Feb 14 '21 at 23:16
  • of course from someone else. If I have one I could have used a window message or socket to communicate. – Amin Pial Feb 15 '21 at 06:03
  • What I think is happening is that you are being denied by their server. Even if you disable the security of your browser, It is a setting imposed in the headers response. It is better explained [here](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) – edif Feb 15 '21 at 12:31
  • Yep. That seems to be the cause. But is there any way to even disable the header effect? – Amin Pial Feb 15 '21 at 13:25
  • In theory, you don't. Unless the website allows the origin... it depends what is the content you wish to use from that website. Can you explicitly tell what you trying to put on the iframe? It seems you are trying to break some security measures!!! Have you tried to simulate a click on the button with javascript on that site? – edif Feb 15 '21 at 14:03