Problem
WRY serves assets on Android via a custom shouldInterceptRequest implementation under the origin http://tauri.localhost. Android WebView does not treat this as a secure context, blocking a growing set of web platform APIs from working in Tauri Android apps.
Why this matters now
Chrome 148 (~July 2026) ships two features simultaneously that make this urgent:
| Use case |
Pre-148 |
Post-148 |
| Shared WebSocket/SSE across tabs |
Workaround required |
✅ SharedWorker |
| WASM module shared across tabs |
Not possible |
✅ SharedWorker |
| Async work after page unload |
Service Worker required |
✅ Extended Lifetime SharedWorker |
| Offline caching |
Service Worker |
Service Worker (unchanged) |
SharedWorker on Android and Extended Lifetime SharedWorker together mean developers no longer need a Service Worker for the majority of PWA use cases. SharedWorker only requires a secure context — but http://tauri.localhost is not one, so Tauri Android apps cannot use any of this.
See the Chrome Intent to Ship: http://www.mail-archive.com/blink-dev@chromium.org/msg16196.html
Root cause
http://tauri.localhost is not https://, http://localhost (exact), or file:// — the three origins Android WebView considers secure. The custom shouldInterceptRequest intercept does not grant secure context regardless of what it serves.
The fix
Switch Android asset serving to androidx.webkit.WebViewAssetLoader configured with https://tauri.localhost. Android WebView treats origins served via WebViewAssetLoader as secure contexts.
The domain stays the same — tauri.localhost — just served over https:// via the asset loader instead of intercepted over http://.
val assetLoader = WebViewAssetLoader.Builder()
.setDomain("tauri.localhost")
.addPathHandler("/", WebViewAssetLoader.AssetsPathHandler(context))
.build()
webView.webViewClient = object : WebViewClientCompat() {
override fun shouldInterceptRequest(
view: WebView,
request: WebResourceRequest
): WebResourceResponse? {
return assetLoader.shouldInterceptRequest(request.getUrl())
}
}Out of scope
Service Worker support (tauri-apps/tauri#11500) is a separate problem requiring an additional ServiceWorkerController hookup. It shares this root cause but is independent — fixing SharedWorker does not require fixing Service Workers, and vice versa.
iOS equivalent
#1587 — App-Bound Domains for Service Workers on iOS/WKWebView.
References
Problem
WRY serves assets on Android via a custom
shouldInterceptRequestimplementation under the originhttp://tauri.localhost. Android WebView does not treat this as a secure context, blocking a growing set of web platform APIs from working in Tauri Android apps.Why this matters now
Chrome 148 (~July 2026) ships two features simultaneously that make this urgent:
SharedWorker on Android and Extended Lifetime SharedWorker together mean developers no longer need a Service Worker for the majority of PWA use cases. SharedWorker only requires a secure context — but
http://tauri.localhostis not one, so Tauri Android apps cannot use any of this.See the Chrome Intent to Ship: http://www.mail-archive.com/blink-dev@chromium.org/msg16196.html
Root cause
http://tauri.localhostis nothttps://,http://localhost(exact), orfile://— the three origins Android WebView considers secure. The customshouldInterceptRequestintercept does not grant secure context regardless of what it serves.The fix
Switch Android asset serving to
androidx.webkit.WebViewAssetLoaderconfigured withhttps://tauri.localhost. Android WebView treats origins served viaWebViewAssetLoaderas secure contexts.The domain stays the same —
tauri.localhost— just served overhttps://via the asset loader instead of intercepted overhttp://.Out of scope
Service Worker support (tauri-apps/tauri#11500) is a separate problem requiring an additional
ServiceWorkerControllerhookup. It shares this root cause but is independent — fixing SharedWorker does not require fixing Service Workers, and vice versa.iOS equivalent
#1587 — App-Bound Domains for Service Workers on iOS/WKWebView.
References
shouldInterceptRequestthreading issues on Android