@aptre/bldr-saucer 0.2.6 → 0.3.1

package/CMakeLists.txt

@@ -19,6 +19,7 @@ set(saucer_serializer "Glaze" CACHE STRING "" FORCE)
 set(saucer_no_version_check ON CACHE BOOL "" FORCE)
 set(saucer_examples OFF CACHE BOOL "" FORCE)
 set(saucer_tests OFF CACHE BOOL "" FORCE)
+set(saucer_exceptions OFF CACHE BOOL "" FORCE)
 
 # cpp-yamux options.
 set(YAMUX_BUILD_TESTS OFF CACHE BOOL "" FORCE)

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@aptre/bldr-saucer",
-  "version": "0.2.6",
+  "version": "0.3.1",
   "description": "Native webview bridge for Bldr using Saucer",
   "main": "index.js",
   "repository": {
@@ -33,11 +33,11 @@
     "release:publish": "git push && git push --tags"
   },
   "optionalDependencies": {
-    "@aptre/bldr-saucer-darwin-arm64": "0.2.6",
-    "@aptre/bldr-saucer-darwin-x64": "0.2.6",
-    "@aptre/bldr-saucer-linux-x64": "0.2.6",
-    "@aptre/bldr-saucer-linux-arm64": "0.2.6",
-    "@aptre/bldr-saucer-win32-x64": "0.2.6"
+    "@aptre/bldr-saucer-darwin-arm64": "0.3.1",
+    "@aptre/bldr-saucer-darwin-x64": "0.3.1",
+    "@aptre/bldr-saucer-linux-x64": "0.3.1",
+    "@aptre/bldr-saucer-linux-arm64": "0.3.1",
+    "@aptre/bldr-saucer-win32-x64": "0.3.1"
   },
   "files": [
     "index.js",
@@ -49,6 +49,6 @@
     "@aptre/common": "^0.30.3"
   },
   "dependencies": {
-    "@aptre/protobuf-es-lite": "^0.5.2"
+    "@aptre/protobuf-es-lite": "^1.0.0"
   }
 }

package/src/main.cpp

@@ -113,8 +113,16 @@ coco::stray start(saucer::application* app) {
     // Register bldr:// scheme BEFORE creating the webview.
     saucer::webview::register_scheme("bldr");
 
+    // Construct a per-instance storage path from the runtime ID.
+    // This ensures concurrent bldr-saucer instances don't share webview storage.
+    auto storage = std::filesystem::temp_directory_path() / ("bldr-saucer-" + runtime_id);
+
     auto window = saucer::window::create(app).value();
-    auto webview = saucer::smartview::create({.window = window});
+    auto webview = saucer::smartview::create({
+        .window = window,
+        .non_persistent_data_store = true,
+        .storage_path = storage,
+    });
 
     window->set_title("Bldr");
     window->set_size({1024, 768});
@@ -157,7 +165,7 @@ coco::stray start(saucer::application* app) {
     // The smartview's own handler returns unhandled for unrecognized messages,
     // so this handler sees them next.
     constexpr std::string_view eval_prefix = "__bldr_eval:";
-    webview->on<saucer::webview::event::message>({{.func = [eval_registry, eval_prefix](std::string_view message) -> saucer::status {
+    webview->on<saucer::webview::event::message>([eval_registry, eval_prefix](std::string_view message) -> saucer::status {
         if (!message.starts_with(eval_prefix)) {
             return saucer::status::unhandled;
         }
@@ -183,7 +191,7 @@ coco::stray start(saucer::application* app) {
             eval_registry->Deliver(eval_id, "", data);
         }
         return saucer::status::handled;
-    }}});
+    });
 
     // Start accept loop for Go-initiated streams (debug eval).
     // webview is a std::expected; use &(*webview) to get a pointer to the contained value.

package/src/scheme_forwarder.cpp

@@ -14,14 +14,30 @@ static std::string toLower(const std::string& s) {
     return out;
 }
 
+// corsHeaders are Access-Control headers added to all scheme responses.
+// WebKit treats custom scheme origins as opaque (null), so all fetch requests
+// from pages loaded via bldr:// are cross-origin. These headers allow them.
+static const std::map<std::string, std::string> corsHeaders = {
+    {"Access-Control-Allow-Origin", "*"},
+    {"Access-Control-Allow-Methods", "GET, POST, OPTIONS"},
+    {"Access-Control-Allow-Headers", "*"},
+};
+
 // sendError sends an error response to the saucer writer.
 static void sendError(saucer::scheme::stream_writer& writer, int status) {
-    writer.start({.mime = "text/plain", .status = status});
+    writer.start({.mime = "text/plain", .headers = corsHeaders, .status = status});
     writer.finish();
 }
 
 void SchemeForwarder::forward(const saucer::scheme::request& req,
                                saucer::scheme::stream_writer& writer) {
+    // Handle CORS preflight directly without forwarding to Go.
+    if (toLower(req.method()) == "options") {
+        writer.start({.mime = "text/plain", .headers = corsHeaders, .status = 204});
+        writer.finish();
+        return;
+    }
+
     // Open a new yamux stream.
     auto [stream, err] = session_->OpenStream();
     if (err != yamux::Error::OK || !stream) {
@@ -93,9 +109,9 @@ void SchemeForwarder::forward(const saucer::scheme::request& req,
         if (resp.has_info && !started) {
             started = true;
 
-            // Extract Content-Type header (case-insensitive).
+            // Extract Content-Type header (case-insensitive) and merge CORS headers.
             std::string mime = "application/octet-stream";
-            std::map<std::string, std::string> hdrs;
+            std::map<std::string, std::string> hdrs(corsHeaders);
             for (const auto& [key, val] : resp.info.headers) {
                 if (toLower(key) == "content-type") {
                     mime = val;