fix(http): manually set origin header to tauri://localhost (#3210)

FabianLars · web-flow · commit b1dbee2c55c1 · 2026-01-14T20:26:17.000+01:00
diff --git a/.changes/fix-http-origin.md b/.changes/fix-http-origin.md
@@ -0,0 +1,6 @@
+---
+http: patch
+http-js: patch
+---
+
+Fixed an issue that caused the Origin header to always be `null` on macOS, iOS and Linux.
diff --git a/plugins/http/src/commands.rs b/plugins/http/src/commands.rs
@@ -279,7 +279,7 @@ pub async fn fetch<R: Runtime>(
 
                 if headers.contains_key(header::RANGE) {
                     // https://fetch.spec.whatwg.org/#http-network-or-cache-fetch step 18
-                    // If httpRequest’s header list contains `Range`, then append (`Accept-Encoding`, `identity`)
+                    // If httpRequest's header list contains `Range`, then append (`Accept-Encoding`, `identity`)
                     headers.append(header::ACCEPT_ENCODING, HeaderValue::from_str("identity")?);
                 }
 
@@ -290,10 +290,13 @@ pub async fn fetch<R: Runtime>(
                 // ensure we have an Origin header set
                 if cfg!(not(feature = "unsafe-headers")) || !headers.contains_key(header::ORIGIN) {
                     if let Ok(url) = webview.url() {
-                        headers.append(
-                            header::ORIGIN,
-                            HeaderValue::from_str(&url.origin().ascii_serialization())?,
-                        );
+                        // The url crate returns OpaqueOrigin for tauri://localhost which serializes to "null"
+                        let origin = if url.scheme() == "tauri" {
+                            "tauri://localhost".to_string()
+                        } else {
+                            url.origin().ascii_serialization()
+                        };
+                        headers.append(header::ORIGIN, HeaderValue::from_str(&origin)?);
                     }
                 }
 
