Thank you for the testcase!!! I was able to reproduce this. I don't think there's a networking issue here, I think this is because the Instagram resource is responding with `cross-origin-resource-policy: same-origin` which causes the response body to be stripped when the download is initiated from the add-on scope. I'm not sure what the *intended* behavior is for this. Essentially I believe that Instagram is using this feature to *prevent* this kind of thing, and they want users to only be able to initiate the download after navigating to an Instagram web property. Anne, Christoph, Shane: is the behavior described in comment 0 is expected for add-ons initiating downloads? I think it makes sense for CORP to be applied to sites that are trying to load cross-origin sub-resources, and am not sure if the underlying intention applies in the add-on case.
Bug 1710251 Comment 2 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Thank you for the testcase!!! I was able to reproduce this. I don't think there's a networking issue here, I think this is because the Instagram resource is responding with `cross-origin-resource-policy: same-origin` which causes the response body to be stripped when the download is initiated from the add-on scope. I'm not sure what the *intended* behavior is for this. Essentially I believe that Instagram is using this feature to *prevent* this kind of thing, and they want users to only be able to initiate the download after navigating to an Instagram web property. Anne, Christoph, Shane: is the behavior described in comment 0 expected for add-ons initiating downloads? I think it makes sense for CORP to be applied to sites that are trying to load cross-origin sub-resources, and am not sure if the underlying intention applies in the add-on case.