ZengLiangYi
diff --git a/‎client/src/components/AuthGate.tsx‎
Lines changed: 3 additions & 2 deletions b/‎client/src/components/AuthGate.tsx‎
Lines changed: 3 additions & 2 deletions
diff --git a/‎client/src/hooks/use-import-stream.ts‎
Lines changed: 1 addition & 0 deletions b/‎client/src/hooks/use-import-stream.ts‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎client/src/lib/api.ts‎
Lines changed: 7 additions & 0 deletions b/‎client/src/lib/api.ts‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎client/src/types/electron.d.ts‎
Lines changed: 10 additions & 0 deletions b/‎client/src/types/electron.d.ts‎
Lines changed: 10 additions & 0 deletions
@@ -5,6 +5,7 @@ import {
 	api,
 	assertSafeWebAuthTransport,
 	getStoredToken,
+	isElectronCloudHttpAuthAllowed,
 	isInsecureRemoteHttpLocation,
 	setStoredToken,
 } from "@/lib/api.ts";
@@ -26,7 +27,7 @@ export function AuthGate({ children }: { children: ReactNode }) {
 	const refresh = useCallback(async () => {
 		setError(null);
 		setState((current) => ({ status: "loading", providerWarnings: current.providerWarnings }));
-		if (getStoredToken() && isInsecureRemoteHttpLocation()) {
+		if (getStoredToken() && isInsecureRemoteHttpLocation() && !isElectronCloudHttpAuthAllowed()) {
 			setError(t("auth.insecure_http"));
 			setState({ status: "token", providerWarnings: [] });
 			return;
@@ -63,7 +64,7 @@ export function AuthGate({ children }: { children: ReactNode }) {
 		setSubmitting(true);
 		setError(null);
 		try {
-			if (isInsecureRemoteHttpLocation()) {
+			if (isInsecureRemoteHttpLocation() && !isElectronCloudHttpAuthAllowed()) {
 				setError(t("auth.insecure_http"));
 				return;
 			}
 
@@ -46,6 +46,7 @@ export function useImportStream() {
     }
 
     fetch(`${API_BASE}/api/import/scan/stream`, {
+      method: 'POST',
       headers,
     })
       .then(async (res) => {
 
@@ -25,8 +25,15 @@ export function isInsecureRemoteHttpLocation(location = window.location): boolea
 	return location.protocol === "http:" && !LOCAL_HOSTS.has(location.hostname);
 }
 
+export function isElectronCloudHttpAuthAllowed(location = window.location): boolean {
+	const marker = window.chatcrystalElectronCloud;
+	if (!marker?.allowInsecureHttpAuth) return false;
+	return marker.origin === location.origin;
+}
+
 export function assertSafeWebAuthTransport(): void {
 	if (!isInsecureRemoteHttpLocation()) return;
+	if (isElectronCloudHttpAuthAllowed()) return;
 	throw new Error(
 		"Refusing to send ChatCrystal access tokens over public HTTP. Use HTTPS or a local tunnel.",
 	);
 
@@ -0,0 +1,10 @@
+export {};
+
+declare global {
+	interface Window {
+		chatcrystalElectronCloud?: {
+			allowInsecureHttpAuth: boolean;
+			origin: string;
+		};
+	}
+}
Original file line number	Diff line number	Diff line change
`@@ -46,6 +46,7 @@ export function useImportStream() {`
`46`	`46`	`}`
`47`	`47`
`48`	`48`	fetch(`${API_BASE}/api/import/scan/stream`, {
	`49`	`+ method: 'POST',`
`49`	`50`	`headers,`
`50`	`51`	`})`
`51`	`52`	`.then(async (res) => {`