Compatibility with Safari

[Canvinus]

          Now have CORS issues only in safari (Version 16.6). In chromium browsers works just fine!

Originally posted by @Canvinus in #5 (comment)

[Canvinus]

Issue: Safari refuses to fetch data from bos-loader due to mixed content (HTTP within HTTPS)

Description:

The problem I've encountered isn't related to CORS. Instead, it stems from Safari's stringent security measures, which differ significantly from most other browsers. Specifically, bos-loader is hosted over HTTP, and when we bind it to near.org (which uses an SSL certificate), Safari refuses to fetch the data. This is due to a security concern where the TLS connection downgrades to HTTP.

Temporary Solution:

I managed to find a workaround, although I'm uncertain about its long-term viability. I self-signed the certificates and hosted the warp with TLS. After this adjustment, everything started functioning correctly in Safari.

[mpeterdev]

thanks for the detailed report!

I recommend anyone deal with this use ngrok which will give you an SSL endpoint

1. run bos-loader
2. run ngrok http 3030
3. copy the generated https endpoint and use that on near.org/flags

You can also set up an ngrok configuration file if you would like a consistent ngrok URL instead of a new randomly generated one each time you run it. I will create an issue for documenting this further in the README

⚠️ Be aware that ngrok endpoints are accessible to the open internet. This can also be used to your advantage to run bos-loader on one machine and load components on another (e.g. mobile)