vitvad / access-control-allow-origin Goto Github PK
View Code? Open in Web Editor NEWChrome extension: https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi
Chrome extension: https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi
When the browser is restarted, the extension stops working until the settings window is opened. The reload
function is executed when the extension is first installed or the window is opened. It should also be executed when Chrome is opened – perhaps by listening for the chrome.runtime.onStartup
event?
Hi, I got everything working except "patch" method. Is there any problem with this or should I do something special?
Thanks for your time.
Can be useful
I'm receiving errors like this on a recent version of chrome:
The 'Access-Control-Allow-Origin' header contains multiple values 'https://example.com, *', but only one is allowed. Origin 'https://example.com' is therefore not allowed access.
This also breaks pages that worked before the extension is enabled, in addition to failing to disable security for the pages that need it.
For instance, pattern http://www.example.com/*
matches the xhr but returns 404.
The full url is http://www.example.com/v1/something-more?blah=vblah
I get 404 because I see in devtools/Network that the requested url is changed to http://localhost:3300/undefined/something-more?blah=blah
.
localhost:3300
, this is the url of the app and not the requested url!undefined
is another mistake that doesn't make any sense.Any help is appreciated.
So I had little bit time on this week end and merge some pull requests.
Seems I finally start realize how I want to improve extension.
First of all I want keep switching on/off states as simple as is now. So maybe better get rid from popup page suggested by @mhahmadi . Instead settings have to move to options page available through context menu on extension icon or in through extension list page in chrome.
features:
as for current code:
@mhahmadi, @thegecko open to ideas. lets proceed conversation here.
I just tried to add userscript using backbone to github.com
and failed, because of "script-src 'unsafe-eval' assets-cdn.github.com collector-cdn.github.com"
. Hope that in future extension can be able rewrite Content-Security-Policy
.
@vitvad I'd be interested in helping move this project forward, any chance I could get access to help?
Hi,
Great extension but I'm unable to use it currently because the API I am using deals with custom headers.
Could Access-Control-Allow-Headers be set to "*" whilst the extension is active, too?
Cheers
I´d like to use the extension on specific websites like https://example.com or have it active on specific site. Do you know how?
I've had a couple of issues when "Access-Control-Expose-Headers" is enabled and were immediately fixed when disabled.
I started using the extension for a project I am working on. Discovered that it causes an error if it is on while I am on Facebook. A window pops up saying "Something went wrong. Please try closing and reopening your browser window." The message can be closed and the site still works though sometimes it stops working.
There is also this text that shows up on the page:
Response contained invalid JSON. Reason: Unexpected token o in JSON at position 1 for (;;);{"__ar":1,"error":1357004,"errorSummary":"Sorry, something went wrong","errorDescription":"Please try closing and re-opening your browser window.","payload":null,"bootloadable":{},"ixData":{},"gkxData":{},"lid":"6548430904423846021"}
Any ideas on how to fix this? I imagine it happens on other sites too but Facebook is the first time I've seen it in the 12 hours that I have been using the extension. It can be fixed by turning off the extension but I don't really want to toggle it each time I need it or don't need it.
I am interested in trying to fix this but I am not sure I have the time/experience with this tech.
Hey again.
The extension doesn't seem to be setting Access-Control-Expose-Headers for response headers, as such any custom response headers cannot be accessed. Chrome instead throws error messages, for example:
Refused to get unsafe header "Date"
Refused to get unsafe header "X-Some-Header"
Cheers
Could you please add removal of original "Access-Control-Allow-Origin" header before adding "Access-Control-Allow-Origin: *".
XMLHttpRequest cannot load https://externaldomain.com. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'http://localhost.localdomain:8080' is therefore not allowed access.
this is one error. Uncaught ReferenceError: angular is not defined
I've added "Link" to the Access-Control-Expose-Headers but it doesn't work because when I do res.xhr.getResponseHeader("Link") it returns following:
Refused to get unsafe header "Link"
I tried several different ways to specify the pattern that contains port number for example http://127.0.0.1:9000/ in my angular app, no luck so far any ideas?
Chrome still disallows cross domain ajax requests other than the first one when multiple cross domain ajax requests are being done asynchronously. Only the first request executed as expected.
*://*/*
fixes the errors I'm having while running applications locally on http:/localhost:3003/
, but it causes problems with other sites (github) so I'd like to limit it to localhost, but I can't get any pattern other than the above working.
None of these fix my issues on localhost, what gives?
*://localhost/*
*://localhost:*/*
*://localhost:3003/*
http://localhost/*
localhost/*
http://127.0.0.1/*
*://127.0.0.1/*
*://127.0.0.1:3003/*
Hi,
I was simply wondering why, since today's update, this extension requires you to send it all of your browsing data?
Thanks a bunch.
Hie, and thx for you r usefull application.
I ve an issue when i add a new url pattern, my new entry is just ignored and the old one (by default) is keeped.
Can you fix this please, it would be usefull?
Thx
Otherwise you get this error:
XMLHttpRequest cannot load https://r5---sn-cxab5jvh-cg0el.googlevideo.com/videoplayback?dur=16.901&lmt…ss=yes&cpn=30E7n7GFP1iKltGo&c=WEB&cver=1.20161219&range=0-7959&rn=1&rbuf=0. A wildcard '*' cannot be used in the 'Access-Control-Allow-Origin' header when the credentials flag is true. Origin 'https://www.youtube.com' is therefore not allowed access. The credentials mode of an XMLHttpRequest is controlled by the withCredentials attribute.
Hi, I really like this extension and I use in many of my development, however, I don't get why there's a request with evil.com?
Need to check
For example, for the file: scheme, only onBeforeRequest, onResponseStarted, onCompleted, and onErrorOccurred may be dispatched.
API
chrome.webRequest.onBeforeSendHeaders.addListener(requestListener, {urls: result.urls},["blocking", "requestHeaders"]);
So leaving on disabled (Default chrome setting)
If I restart browser it turns the requests on with green icon.
If someone could explain me how this works I would appreciate it.
Thanks
Is there any chance you can add some open-source compliant license to this repo?
Great extension, by the way!
Nice chrome extension, but one suggestion:
Change chrome.storage.local to chrome.storage.sync to sync URL between your clients/browsers.
Thanks,
Timo
Being enabled, it seems it's not working as expected.
Any idea?
Hi, I have tried using a plugin, and I observe an issue, that cookies parameter is missing from request headers.
In case I use --disable-web-security flag Cookies parameter is on place.
Thanks.
It says "Allow-Control-Allow-Origin", but should be "Access-"!!
Whenever you update your browser (or extension) it forgets settings.
This happens, because onInstalled
event fired on each browser or extension update.
Here docs: https://developer.chrome.com/extensions/runtime#event-onInstalled
Fired when the extension is first installed, when the extension is updated to a new version, and when Chrome is updated to a new version.
can be achieved by setting the Access-Control-Allow-Headers in the response.
I'm using this for development. When I need to make a request that has custom headers in it, chrome will make a preflight request that would fail with a 403 status code. Is it possible to handle this as well?
Double check with fidler
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.