We have a web application that needs to interact with local hardware (a smartcard). We have developed an app running on localhost that interact with hardware and exposes some services. The web application is exposed in https and calls services on lcalhost in http (we can't have a valid certificate for localhost). Safari blocks the call with this error in the console:
XMLHttpRequest cannot load http://127.0.0.1:58666/status due to access control checks.
All other major browsers (Chrome, FireFox, Edge) work without problems.
Some references:
- https://stackoverflow.com/questions/66689081/localhost-http-accessed-from-https-webpage-why-no-mixed-content-error
- https://bugs.webkit.org/show_bug.cgi?id=171934
Is there a workaround to let Safari do the call? Do you have an alternative solution?