The OpenD Programming Language

ICoreWebView2CustomSchemeRegistration.GetAllowedOrigins

List of origins that are allowed to issue requests with the custom scheme, such as XHRs and subresource requests that have an Origin header. The origin of any request (requests that have the Origin header) to the custom scheme URI needs to be in this list. No-origin requests are requests that do not have an Origin header, such as link navigations, embedded images and are always allowed. Note: POST requests always contain an Origin header, therefore AllowedOrigins must be set for even for same origin POST requests. Note that cross-origin restrictions still apply. From any opaque origin (Origin header is null), no cross-origin requests are allowed. If the list is empty, no cross-origin request to this scheme is allowed. Origins are specified as a string in the format of scheme://host:port. The origins are string pattern matched with * (matches 0 or more characters) and ? (matches 0 or 1 character) wildcards just like the URI matching in the AddWebResourceRequestedFilter API. For example, "http://*.example.com:80". Here's a set of examples of what is allowed and not:

| Request URI | Originating URL | AllowedOrigins | Allowed | | -- | -- | -- | -- | | custom-scheme:request | https://www.example.com | {"https://www.example.com"} | Yes | | custom-scheme:request | https://www.example.com | {"https://*.example.com"} | Yes | | custom-scheme:request | https://www.example.com | {"https://www.example2.com"} | No | | custom-scheme-with-authority://host/path | custom-scheme-with-authority://host2 | {""} | No | | custom-scheme-with-authority://host/path | custom-scheme-with-authority2://host | {"custom-scheme-with-authority2://*"} | Yes | | custom-scheme-without-authority:path | custom-scheme-without-authority:path2 | {"custom-scheme-without-authority:*"} | No | | custom-scheme-without-authority:path | custom-scheme-without-authority:path2 | {"*"} | Yes |

The returned strings and the array itself must be deallocated with CoTaskMemFree.

interface ICoreWebView2CustomSchemeRegistration
HRESULT
GetAllowedOrigins

Meta