The Contanki add-on inherits from AnkiWebView, similarly to my add-on.
But because of the new security precautions in 25.02.1, if the webview is not one of the specified allowed enums, it won’t have an authorization token inserted in its headers. Because there’s no kind
set, it defaults to AnkiWebViewKind.DEFAULT
which isn’t allowed access.
The quick and hacky fix is to piggyback on one of the whitelisted AnkiWebViewKinds
when initializing, so something like super().__init__(kind=AnkiWebViewKind.EDITOR)
. I’ve tested this and both add-ons work again.
I’m a newbie so I’m not sure of the ‘proper’ way to fix this. Do we consume the _APIKEY
from aqt.mediasrv
and set our own headers? Or is there any other way? Advice appreciated.
I didn’t post this in the main github issues as i didn’t feel like it merited a thread over there. Hope it’s okay to post this here.