Merge pull request #192 from Snapmaker/dev_2.3.0_alves

feature add authority for mac os

scripts/disable_validation.entitlements

@@ -2,7 +2,20 @@
 <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
 <plist version="1.0">
 <dict>
+    <!-- Allow dynamic loading of libraries without signature validation. Used for 3dconnection drivers. -->
     <key>com.apple.security.cs.disable-library-validation</key>
     <true/>
+    <!-- Allow JIT compilation (required for JavaScript/WKWebView on macOS) -->
+    <key>com.apple.security.cs.allow-jit</key>
+    <true/>
+    <!-- Allow unsigned executable memory (required for JIT/WKWebView) -->
+    <key>com.apple.security.cs.allow-unsigned-executable-memory</key>
+    <true/>
+    <!-- Allow DYLD environment variables -->
+    <key>com.apple.security.cs.allow-dyld-environment-variables</key>
+    <true/>
+    <!-- Explicitly disable App Sandbox (this app needs full filesystem/network access) -->
+    <key>com.apple.security.app-sandbox</key>
+    <false/>
 </dict>
 </plist>

src/dev-utils/platform/osx/Info.plist.in

@@ -130,10 +130,47 @@
   <string>NSApplication</string>
   <key>NSHighResolutionCapable</key>
   <true/>
+  <key>NSLocalNetworkUsageDescription</key>
+  <string>Snapmaker Orca needs access to your local network to discover and connect to your 3D printer(s), and to serve the app's device interface on localhost.</string>
+  <key>NSBonjourServices</key>
+  <array>
+    <string>_http._tcp</string>
+    <string>_printer._tcp</string>
+  </array>
   <key>LSEnvironment</key>
   <dict>
     <key>ASAN_OPTIONS</key>
     <string>detect_container_overflow=0</string>
   </dict>
+  <!-- Allow HTTP connections to localhost for local web server (required for newer macOS versions) -->
+  <key>NSAppTransportSecurity</key>
+  <dict>
+    <!-- Completely disable ATS for localhost (allows HTTP instead of HTTPS) -->
+    <key>NSAllowsLocalNetworking</key>
+    <true/>
+    <!-- Allow arbitrary loads for local development server -->
+    <key>NSAllowsArbitraryLoads</key>
+    <false/>
+    <!-- Specific exception for localhost connections -->
+    <key>NSExceptionDomains</key>
+    <dict>
+      <!-- Allow HTTP (not HTTPS) for localhost -->
+      <key>localhost</key>
+      <dict>
+        <key>NSExceptionAllowsInsecureHTTPLoads</key>
+        <true/>
+        <key>NSIncludesSubdomains</key>
+        <true/>
+      </dict>
+      <!-- Allow HTTP for 127.0.0.1 -->
+      <key>127.0.0.1</key>
+      <dict>
+        <key>NSExceptionAllowsInsecureHTTPLoads</key>
+        <true/>
+        <key>NSIncludesSubdomains</key>
+        <false/>
+      </dict>
+    </dict>
+  </dict>
 </dict>
 </plist>