Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Firefox extension request is interpreted as CORS

Tags:

javascript

same-origin-policy

google-chrome-extension

firefox-addon-webextensions

When porting my Chrome extension to a Firefox web-extension, I can't make any network requests because they are blocked by the same origin policy.

As an example:

const headers = {"content-type": "application/json" };
window.fetch(myDomain + "/api/v3/token", { method: "GET", headers: headers });

This fails with the following error:

enter image description here

Is there a way to configure the Firefox extension to not consider these requests CORS? The same code works just fine as a Google Chrome extension.

This holds true even if the request goes to localhost.

I have tried this with jquery's $.ajax method and axios library to get the same result (works in Chrome, doesn't work in Firefox) so I don't think the problem is limited to the window.fetch API.

EDIT: I know that I can add a CORS handler on the server side, but I'm trying not to do that. And why does this work in Chrome and not in Firefox?

EDIT 2: The extension is a popup

like image 968
Daniel Kats Avatar asked Mar 02 '18 19:03

Daniel Kats

People also ask

How do I fix the problem with CORS in Firefox?

Simply activate the add-on and perform the request. CORS or Cross Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs). Installing this add-on will allow you to unblock this feature.

How do I enable CORS extensions in Firefox?

The button can be found by right-clicking a toolbar and choosing customize. It is labelled CorsE and has 3 states: red, addon is disabled, CORS rules are upheld. green, addon is enabled, CORS rules are bypassed.

How do I unblock CORS in Firefox?

A user can toggle the extension on and off from the toolbar button. To modify how these headers are altered, use the right-click context menu items. You can customize what method are allowed. The default option is to allow 'GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH' methods.

Does Firefox have CORS?

CORS is supported by default on all modern browsers (and since Firefox 3.5). The server being accessed by JavaScript has to give the site hosting the HTML document in which the JS is running permission via CORS HTTP response headers. security.

1 Answers

This is documented here: https://developer.mozilla.org/en-US/Add-ons/WebExtensions/manifest.json/permissions#Host_permissions

In short you need to add a host permission for localhost to mame same-origin requests by default. I don't know why Google Chrome handles this differently.

like image 97
Andrew Swan Avatar answered Oct 21 '22 08:10

Andrew Swan
Sign in to Comment

Related questions

Test suite failed to run. Invariant Violation: _registerComponent(...): Target container is not a DOM element
How to programmatically focus a text input in iOS, coming from a trusted onchange event of a select tag?
Vuex Mapping Getter with Argument - Cached?
Moving Vue components around inside the dom?
How does the [].push.apply work?
React Modal Does Not Close In Between Loading Content
Why does my submit button gets re-enabled before all fields are filled in?
yii2 datepicker disable dates using javascript
Height of the Monaco Editor
ES6 promise execution order for returned values
NodeJS - Jest unit test setTimeout in process.on callback
What is the exact meaning of export keyword in Angular 2\TypeScript?
Implementing a dynamic JSX element within a marker, using react-leaflet
JS - property replacement
React Native ReferenceError Can't find variable
HTML5 - Detect the type of error when trying to load a video using a source element
Align arbitrary number of elements with different widths to a grid with wrapping
Change content of text elements in svg on a node.js server
Variable with reg expression is not recognized in js
Right approach to display success, error messages via NGRX

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!