Closed Bug 1514963 Opened 7 years ago Closed 7 years ago

Domain permission does not allow extension to bypass CORS

Categories

(WebExtensions :: Untriaged, defect)

64 Branch
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1468162

People

(Reporter: wbobeirne, Unassigned)

Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36

Steps to reproduce:

I have an extension that has permissions for domains, and makes requests to them. Sometimes those domains don't have CORS headers set up, but having the permission for the domain should bypass that. I have constructed a small test-case of this if it needs to be reproduced: https://github.com/wbobeirne/firefox-addon-cors-bug

Actual results:

The request fails with a generic NetworkError. This also appears in the console:

> Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://localhost:6021/test. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).

Expected results:

The request should go through despite CORS headers. This works in Chrome and Opera.

I'm adding the component in order to involve the development team in reviewing this issue.
Component: Untriaged → DOM
Product: Firefox → Core
Thanks! For more context, the Chrome extension docs have a page specifically about this behavior: https://developer.chrome.com/extensions/xhr
I'm moving this to the WebExtensions component to have their input on the expected behaviour.
Component: DOM → Untriaged
Product: Core → WebExtensions

This is caused by the lack of support for ports in match patterns, i.e. bug 1468162.

As a work-around, change

  "permissions": [
    "http://localhost:6021/*"
  ]

to

  "permissions": [
    "http://localhost/*"
  ]
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
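
The work-around above, as an added example that is not part of the bug thread or of Firefox: a Node script that scans a manifest's `permissions` for match patterns carrying a port and rewrites them to the port-less form. The function names and the sample manifest are constructed for illustration.

```javascript
// Added example; function names are hypothetical, not a WebExtensions API.
// Shape handled: scheme://host[:port]/path (IPv6 literals are not handled).
const MATCH_PATTERN =
  /^(\*|https?|wss?|ftp):\/\/(\*|(?:\*\.)?[^\/*:]+)(?::(\d+|\*))?(\/.*)$/;

function splitPermission(perm) {
  const m = MATCH_PATTERN.exec(perm);
  if (!m) return null; // API permission ("storage"), "<all_urls>", or malformed
  const [, scheme, host, port, path] = m;
  return { scheme, host, port: port ?? null, path };
}

// Report every host permission that includes a port, with the port-less form.
function auditHostPermissions(manifest) {
  const findings = [];
  for (const perm of manifest.permissions ?? []) {
    const parts = splitPermission(perm);
    if (!parts || parts.port === null) continue;
    findings.push({
      original: perm,
      suggested: `${parts.scheme}://${parts.host}${parts.path}`,
      droppedPort: parts.port,
    });
  }
  return findings;
}

// Return a copy of the manifest with the work-around applied and duplicates removed.
function applyWorkaround(manifest) {
  const fixes = new Map(
    auditHostPermissions(manifest).map((f) => [f.original, f.suggested])
  );
  const rewritten = (manifest.permissions ?? []).map((p) => fixes.get(p) ?? p);
  return { ...manifest, permissions: [...new Set(rewritten)] };
}

// Constructed sample manifest (not taken from the reporter's repository).
const sampleManifest = {
  manifest_version: 2,
  name: "cors-test",
  version: "1.0",
  permissions: ["storage", "http://localhost:6021/*", "http://localhost/*",
                "https://*.example.com/api/*"],
};

console.log(auditHostPermissions(sampleManifest));
console.log(applyWorkaround(sampleManifest).permissions);
```

The rewritten pattern is no longer scoped to port 6021, so the `droppedPort` field is worth reviewing when the host also serves other ports.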