From 619caba9a60661f57f8888cebb5087a0aee78de7 Mon Sep 17 00:00:00 2001
From: Vinlic <vinlic@vinlic.com>
Date: Wed, 11 Oct 2023 01:20:13 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E5=85=81=E8=AE=B8=E4=B8=8D?=
 =?UTF-8?q?=E5=AE=89=E5=85=A8=E4=B8=8A=E4=B8=8B=E6=96=87=E9=80=89=E9=A1=B9?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 README.en-US.md                  | 2 ++
 README.md                        | 2 ++
 core/Page.js                     | 2 +-
 docs/api-reference-high-level.md | 5 +++++
 lib/global-config.js             | 8 ++++++++
 5 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/README.en-US.md b/README.en-US.md
index ed80981..3bd4aa4 100644
--- a/README.en-US.md
+++ b/README.en-US.md
@@ -286,6 +286,8 @@ wvc.config({
     browserUseGPU: true,
     // Path to the browser executable file; setting this will disable the internal browser; it's recommended to use the internal browser for completeness
     browserExecutablePath: "...",
+    // Allow unsafe contexts, false by default. Once enabled, users can navigate to unsafe URLs, but due to unsafe context restrictions, dynamic images and embedded videos cannot be used on the page
+    allowUnsafeContext: false,
     // Compatible rendering mode; not recommended to enable; enabling this will disable HeadlessExperimental.beginFrame API calls and use regular Page.screenshot, which can lead to decreased rendering performance and frame rate desynchronization in some animations; you can try enabling it if you encounter the error "TargetCloseError: Protocol error (HeadlessExperimental.beginFrame): Target closed"
     compatibleRenderingMode: false,
     // Minimum number of browser instances in the resource pool
diff --git a/README.md b/README.md
index 17ff04d..3e356fa 100644
--- a/README.md
+++ b/README.md
@@ -292,6 +292,8 @@ wvc.config({
     browserDisableDevShm: false,
     // 浏览器可执行文件路径，设置后将禁用内部的浏览器，建议您默认使用内部的浏览器以确保功能完整性
     browserExecutablePath: "...",
+    // 是否允许不安全的上下文，默认禁用，开启后能够导航到不安全的URL，但由于不安全上下文限制，将无法在页面中使用动态图像和内嵌视频
+    allowUnsafeContext: false,
     // 兼容渲染模式，不建议启用，启用后将禁用HeadlessExperimental.beginFrame API调用改为普通的Page.screenshot
     // 这会导致渲染性能下降，且部分动画可能帧率无法同步，当你遭遇 TargetCloseError: Protocol error (HeadlessExperimental.beginFrame): Target closed 错误的时候可以尝试开启它
     compatibleRenderingMode: false,
diff --git a/core/Page.js b/core/Page.js
index 88fdb36..a16ac4e 100644
--- a/core/Page.js
+++ b/core/Page.js
@@ -181,7 +181,7 @@ export default class Page extends EventEmitter {
         // 清除资源
         this.#clearResources();
         // 检查URL
-        // this.#checkURL(url);
+        !globalConfig.allowUnsafeContext && this.#checkURL(url);
         // 开始CDP会话
         await this.#startCDPSession();
         // 监听CSS动画
diff --git a/docs/api-reference-high-level.md b/docs/api-reference-high-level.md
index 19599b7..edcb8af 100644
--- a/docs/api-reference-high-level.md
+++ b/docs/api-reference-high-level.md
@@ -62,6 +62,11 @@
             <td>string</td>
             <td>浏览器可执行文件路径，设置后将禁用内部的浏览器，建议您默认使用内部的浏览器以确保功能完整性</td>
         </tr>
+        <tr>
+            <td>allowUnsafeContext</td>
+            <td>boolean</td>
+            <td>默认禁用，开启后能够导航到不安全的URL，但由于不安全上下文限制，将无法在页面中使用动态图像和内嵌视频</td>
+        </tr>
         <tr>
             <td>compatibleRenderingMode</td>
             <td>boolean</td>
diff --git a/lib/global-config.js b/lib/global-config.js
index f10ea6f..3ee1451 100644
--- a/lib/global-config.js
+++ b/lib/global-config.js
@@ -80,6 +80,14 @@ export default {
      */
     browserExecutablePath: null,
 
+    /**
+     * 是否允许不安全的上下文
+     * 
+     * 默认禁用，开启后能够导航到不安全的URL
+     * 但由于不安全上下文限制，将无法在页面中使用动态图像和内嵌视频
+     */
+    allowUnsafeContext: false,
+
     /**
      * 兼容渲染模式
      *