Menu
When porting my Chrome extension to a Firefox web-extension, I can't make any network requests because they are blocked by the same origin policy.
As an example:
const headers = {"content-type": "application/json" };
window.fetch(myDomain + "/api/v3/token", { method: "GET", headers: headers });
This fails with the following error:
Is there a way to configure the Firefox extension to not consider these requests CORS? The same code works just fine as a Google Chrome extension.
This holds true even if the request goes to localhost.
I have tried this with jquery's $.ajax method and axios library to get the same result (works in Chrome, doesn't work in Firefox) so I don't think the problem is limited to the window.fetch API.
EDIT: I know that I can add a CORS handler on the server side, but I'm trying not to do that. And why does this work in Chrome and not in Firefox?
EDIT 2: The extension is a popup
968
Simply activate the add-on and perform the request. CORS or Cross Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs). Installing this add-on will allow you to unblock this feature.
The button can be found by right-clicking a toolbar and choosing customize. It is labelled CorsE and has 3 states: red, addon is disabled, CORS rules are upheld. green, addon is enabled, CORS rules are bypassed.
A user can toggle the extension on and off from the toolbar button. To modify how these headers are altered, use the right-click context menu items. You can customize what method are allowed. The default option is to allow 'GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH' methods.
CORS is supported by default on all modern browsers (and since Firefox 3.5). The server being accessed by JavaScript has to give the site hosting the HTML document in which the JS is running permission via CORS HTTP response headers. security.
This is documented here: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/permissions#Host_permissions
In short you need to add a host permission for localhost to mame same-origin requests by default. I don't know why Google Chrome handles this differently.
97
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
