How to fix 'Origin: file://' in Tizen web application

Question

When running a Tizen TV web-app, packaged as a .wgt file, on simulator, emulator or physical TV device it makes POST requests containing a 'Origin: file://' header, which are rejected by the server. GET requests do not include an origin header and work as expected.

The project is configured as tv-samsung-5.0 and contains the following relevant config lines:

<?xml version="1.0" encoding="UTF-8"?> <widget xmlns="http://www.w3.org/ns/widgets" xmlns:tizen="http://tizen.org/ns/widgets" id="https://redacted.be" version="0.0.1" viewmodes="maximized"> <feature name="http://tizen.org/feature/network.internet"/> <tizen:profile name="tv-samsung"/> <tizen:allow-navigation>*.redacted.be</tizen:allow-navigation> <tizen:content-security-policy>default-src 'self'; connect-src 'self' https://*.youtube.com https://*.redacted.be; style-src 'self' 'unsafe-inline'; media-src https://*.youtube.com https://*.redacted.be blob: </tizen:content-security-policy> <tizen:setting screen-orientation="landscape" context-menu="enable" background-support="disable" encryption="disable" install-location="auto" hwkey-event="enable"/> <tizen:privilege name="http://tizen.org/privilege/internet"/> </widget>

The app is built with react-native-web, using the axios network library.

How can I avoid that the app sends this Origin header?

score 3 · Answer 1 · answered Jul 03 '19 at 16:31

3

Don't forget to add privilege and allow domains in your config.xml

<tizen:privilege name="http://tizen.org/privilege/internet"/>
<access origin="*" subdomains="true"></access>

answered Jul 03 '19 at 16:31

Iqbal hossain

1,778
3
17
24

Thanks @iqbal-hossain; correct, I forgot to mention it in my post here, but it was already included in the config.xml – tvanlaerhoven Jul 08 '19 at 09:02

score 1 · Accepted Answer · answered Jul 04 '19 at 09:56

Here is the part of MDN docs which states that some headers (including 'Origin') are in full control of user agent and cannot be modified by developer (you can find more details in this response). You need to consider changing the configuration of the server you are trying to reach by adding CORS rules (a tutorial here)

Moreover I did some more research and find this article which describes a method of using some proxy tool to workaround similar problem. If you cannot change the server configuration, maybe the article will be useful for you.

At this point, when not in control of the server, using a proxy seems the only solution. — tvanlaerhoven, Jul 08 '19 at 09:05

score 1 · Answer 3 · answered Jul 08 '19 at 20:38

1

You cannot change this. Actually some older Tizen TVs will send an empty Origin. Your server should somehow take this into account, or if you do not control the server, use proxy as was suggested in another answer.

answered Jul 08 '19 at 20:38

jayarjo

16,124
24
94
138

How to fix 'Origin: file://' in Tizen web application

3 Answers3