Bug 958390
Opened 12 years ago
Closed 12 years ago
Add on is capable of injecting/modifying Options request, origin header for cors preflight
Categories: Firefox :: Untriaged, defect
Status: RESOLVED INVALID
People: Reporter: serg.gorbaty, Unassigned
Attachments: 1 file (701.65 KB, image/jpeg)
User Agent: Mozilla/5.0 (iPad; CPU OS 7_0_4 like Mac OS X) AppleWebKit/537.51.1 (KHTML, like Gecko) Version/7.0 Mobile/11B554a Safari/9537.53
Steps to reproduce:
1. Install an extension such as Modify Headers
2. Configure to modify Origin header on every request in the installed add-on to 'http://sergey.test.com' or what have you
3. Visit a page that uses CORS with preflight
(You can run locally; this project is good enough: https://github.com/osmlab/osm-auth/blob/gh-pages/index.html)
4. Open network console in FF
5. If you used the sample project from step 3, hit authenticate button, otherwise, initiate CORS request from your app
Actual results:
Observe in network pane an OPTIONS request with modified Origin header that does not match the domain it originated from.
Expected results:
JavaScript doesn't have access to OPTIONS header, extension should not need to either.
Latest Chrome does not exhibit this behavior.
Updated by Reporter • 12 years ago
OS: iOS 7 → Mac OS X
Hardware: ARM → x86_64
Summary: Add on is capable of injecting/modifying Options header for cors preflight → Add on is capable of injecting/modifying Options request, origin header for cors preflight
Comment 1 • 12 years ago
Firefox addons are quite a bit more powerful than Chrome extensions by design, for good and ill. There is no separation between what is "Firefox" and what is "Addon" once you've got them installed.
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → INVALID
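
The reproduction above means a server can receive a preflight whose `Origin` value was chosen on the client. As an added example (not part of the bug report or of Firefox; the function names, allowlist, token and sample requests are constructed), this server-side preflight decision evaluates only the header string it is given, and authorisation of the actual request rests on a credential instead:

```javascript
// Added example; names, allowlist and requests are constructed for illustration.
const ALLOWED_ORIGINS = new Set(['https://app.example']);
const ALLOWED_METHODS = new Set(['GET', 'POST']);

// HTTP header names are case-insensitive, so normalise before lookup.
function lowerKeys(headers) {
  const out = {};
  for (const [k, v] of Object.entries(headers)) out[k.toLowerCase()] = v;
  return out;
}

// Decide an OPTIONS preflight purely from the headers the client sent.
function decidePreflight(rawHeaders) {
  const h = lowerKeys(rawHeaders);
  const origin = h['origin'];
  const method = h['access-control-request-method'];
  const allowed = Boolean(origin && method) &&
    ALLOWED_ORIGINS.has(origin) && ALLOWED_METHODS.has(method);
  if (!allowed) return { allowed: false, headers: { Vary: 'Origin' } };
  return {
    allowed: true,
    headers: {
      'Access-Control-Allow-Origin': origin,
      'Access-Control-Allow-Methods': [...ALLOWED_METHODS].join(', '),
      Vary: 'Origin',
    },
  };
}

// The actual request is authorised by a credential, never by Origin.
function authorizeRequest(rawHeaders, validTokens) {
  const h = lowerKeys(rawHeaders);
  const m = /^Bearer (\S+)$/.exec(h['authorization'] || '');
  return m !== null && validTokens.has(m[1]);
}

// Constructed preflights: one untouched, one with Origin rewritten by an
// add-on to the value used in the report.
const untouched = { Origin: 'https://app.example', 'Access-Control-Request-Method': 'POST' };
const rewritten = { Origin: 'http://sergey.test.com', 'Access-Control-Request-Method': 'POST' };

console.log(decidePreflight(untouched).allowed);
console.log(decidePreflight(rewritten).allowed);
console.log(authorizeRequest({ Origin: 'https://app.example' }, new Set(['t0ken'])));
```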