Community Widget Builder cannot load images from local HTTPS server (CORS / Private Network Access)

Self-hosted Grist 1.7.16 on Docker.

Using Community Widget Builder.

Widget loads images from https://192.168.0.20/....

Chromium reports:

Access to image ... from origin https://gristlabs.github.io has been blocked by CORS policy: The request client is not a secure context and the resource is in more-private address space local.

Update: The issue seems to have resolved itself after a number of changes. I upgraded my self-hosted Grist installation from an older version to 1.7.16, renewed my Apache HTTPS certificate, and cleared browser caches/site data. I cannot say which change made the difference, but the ImageMap widget is now working normally again in both Firefox and Chromium.

I still occasionally notice that the background image is not loaded on the first attempt. Switching to another record and back usually makes it appear, so there may still be a small timing issue in the widget, but the main problem is gone for now.

Thanks for your help!

Hello,

Version 1.7.16 has the following change:

Custom widgets

  • Reverted a restriction that disallowed same-origin custom-widget URLs, which had broken some unusual but legitimate setups (commit)

I was having the same issue you were, but just decided to host the html pages for my custom widgets on github.

Thanks! That’s very interesting.

I upgraded from an older self-hosted version to 1.7.16 during my troubleshooting. The widget is now working again.

My widget is built with the Community Widget Builder and loads images from an Apache server on my local network. During debugging both Firefox and Chromium reported CORS / Private Network Access errors mentioning gristlabs.github.io, so I was wondering whether the recent widget changes and browser security changes together may have contributed to the issue.

For now everything is working again, apart from an occasional image that needs a second selection before it appears