Prompt to ignore CORS checking between different localhost ports
Categories
(Core :: DOM: Security, enhancement)
Tracking
()
People
(Reporter: prographodeveloper, Unassigned, NeedInfo)
Details
(Keywords: parity-chrome, parity-safari)
Attachments
(1 file)
134.98 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_2) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/13.0.4 Safari/605.1.15
Steps to reproduce:
I'm developing, so ... https://localhost
Actual results:
Firefox is complaining https://localhost... this is very annoying for development.
Chrome and Safari immediately display "Allow" option on the page, then works for everything.
Expected results:
Please allow option to turn off all checking for localhost and always trust for all connections including cross requests (eg wss to stuff running on localhost). thanks.
Comment 1•5 years ago
|
||
(In reply to prographodeveloper from comment #0)
Please allow option to turn off all checking for localhost
Chrome and Safari immediately display "Allow" option on the page, then works for everything.
Seems sensible enough to display something like a notification bar for this. Confirming as a valid enhancement request.
Comment 2•5 years ago
|
||
(In reply to Gingerbread Man from comment #1)
(In reply to prographodeveloper from comment #0)
Please allow option to turn off all checking for localhost
This is for file: protocol pages I don't think this is relevant.
I think the correct module for this would be the permission manager but I'm also not certain.
Comment 3•5 years ago
|
||
Why not DOM Security? Permission Manager is about permission manager internals, mostly, which this is not, right?
Comment 4•5 years ago
|
||
Changed summary in an attempt to better describe the request, but I'm still not sure it's what you really want. I'm not sure why "local development" ignoring CORS helps you because when you deploy you're still going to have to deal with CORS so shouldn't that be part of your work?
Comment 5•5 years ago
|
||
Hey prographodeveloper,
Looking back at the initial bug request, are you able to provide us with some more details of what the code is doing?
Could you provide a screenshot of the approval button that Safari/Chrome provide too?
Thanks!
Comment 6•5 years ago
|
||
We'd need strong justification for violating the same origin policy. Just because it's "localhost" doesn't mean we can ignore the "port" part of the origin triple of scheme-host-port. This should be discussed on a forum somewhere to get a lot more buy-in.
Description
•