Skip to content

Commit 64e7f10

Browse files
LiangTheDevLiangTheDev
authored
Update HostResourceMapping.md
1 parent b6f5c1b commit 64e7f10

File tree

1 file changed

+8
-3
lines changed

1 file changed

+8
-3
lines changed

specs/HostResourceMapping.md

Lines changed: 8 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -27,19 +27,23 @@ webView.Navigate("https://app-file.invalid/index.html");
2727
# Remarks
2828
Choose a virtual host name that will not be used by real sites.
2929
If you own a domain (like example.com), an option is to use a sub domain reserved for the app (like my-app.example.com).
30-
If you don't own a domain, [RFC 2606](https://tools.ietf.org/html/rfc2606#section-2) has reserved several top level domain that would
30+
If you don't own a domain, [RFC 6761](https://tools.ietf.org/html/rfc6761) has reserved several special-use domain names that would
3131
not be used by real sites, like .example, .test, and .invalid.
3232

3333
Give only minimal cross orign access neccessary to run the app. If there is no need to access local resources
34-
from other sites, use COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_DENY.
34+
from other origins, use COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_DENY.
3535

3636
# API Notes
3737
See [API Details](#api-details) section below for API reference.
3838

3939
# API Details
4040

4141
## Win32 C++
42-
42+
The follow table illustrates the host resource cross origin access according to access context and `COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND`.
43+
Cross Origin Access Context | DENY | ALLOW | DENY_CORS
44+
--- | --- | --- | ---
45+
From DOM like src of img or script element| Deny | Allow | Allow
46+
From Script like Fetch or XMLHttpRequest| Deny | Allow | Deny
4347
```IDL
4448
/// Kind of cross origin resource access allowed for host resources during download.
4549
/// Note that other normal access checks like same origin DOM access check and [Content
@@ -68,6 +72,7 @@ interface ICoreWebView2_2 : ICoreWebView2 {
6872
/// Add a host name mapping for host resources in a folder.
6973
/// After adding the mapping, the app can then use http or https urls with the specified hostName as host name
7074
/// of the urls to access files in the local folder specified by folderPath.
75+
/// This applies to top level document and iframe navigations as well as sub resource references from a document.
7176
/// accessKind specifies the kind of access control to the host resources from other sites.
7277
/// Relative folderPath is supported and interpreted as relative to the exe path of the app.
7378
/// For example, after calling AddVirtualHostNameToFolderMapping(L"app-file.invalid", L".",

0 commit comments

Comments
 (0)