Fetch api not working within addon




WebExtensions: Untriaged
9 months ago
9 months ago


(Reporter: marcelrobitaille11, Unassigned)


52 Branch

Firefox Tracking Flags

(Not tracked)




9 months ago
User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0
Build ID: 20170307144106

Steps to reproduce:

I am trying to create an addon (for personal use only) that make a request to `https://localhost:5678`. I am using a self-signed sll certificate for a node.js server running on localhost. The relevant code is as follows:

    fetch('https://localhost:5678', {
      mode: 'cors',
      method: 'POST',
      body: JSON.stringify({ id, feed }),
    }).catch((err) => {
      if(typeof err === 'string') err = new Error(err)

Actual results:

When I paste this into the console, everything works fine. When I run it in my add on (loaded as a temporary addon in `about:debugging`), I get the not-so-descriptive error message:

    TypeError: NetworkError when attempting to fetch resource.
    Stack trace:

Expected results:

The request should have been made. I think this is a new issue with firefox 52; this used to work fine.


9 months ago
Component: Untriaged → WebExtensions: Untriaged
Product: Firefox → Toolkit
This works from the browser console because system requests are immune to same-origin restrictions. You either need to add localhost to the host permissions in your manifest.json, or make sure it's returning the right CORS headers to allow POST requests from your extension.
Last Resolved: 9 months ago
Resolution: --- → INVALID

Comment 2

9 months ago
I thought it was something like this but an employee at `/r/firefox` sent me here thinking it was a bug. Sorry for wasting your time. I can confirm that adding `*://localhost/*` to my `manifest.json` has resolved the issue; thank you very much. A more helpful error message might be something to think about.
Unfortunately, vague error messages are required by the Fetch spec, for the sake of security. They're meant to leak as little information as possible to untrusted callers.
Sorry for asking you to file, I wasn't aware of the CORS issue. It's always better to file one bug too many than too few :)

Thanks for reporting!

Comment 5

9 months ago
(In reply to Zibi Braniecki [:gandalf][:zibi] from comment #4)

I don't mind reporting; my issue was solved. I was just worried about wasting people's time.
You need to log in before you can comment on or make changes to this bug.