
Comments (5)

mhahmadi commented on August 17, 2024

Access-Control-Allow-Headers cannot be a wildcard
http://www.w3.org/TR/cors/#access-control-allow-headers-response-header

from access-control-allow-origin.

mhahmadi commented on August 17, 2024

As long as you specify those custom headers in your Ajax request, your browser should take care of the preflight request invisibly to you, and the extension should satisfy the browser by setting the Access-Control-Allow-Headers header in the response with the appropriate value.
Can you explain in more detail what isn't working here?


mikehayesuk commented on August 17, 2024

Ok so the problem is I'm working with my API in the browser (assets served on a different port to the API).

I have, as expected, this error:

XMLHttpRequest cannot load http://localhost:8000/api/some/route.
No 'Access-Control-Allow-Origin' header is present on the requested resource.
Origin 'http://localhost:9000' is therefore not allowed access. 

Then I enable your extension, which resolves the above error but gives further expected errors regarding Access-Control-Allow-Headers:

XMLHttpRequest cannot load http://localhost:8000/api/some/route.
Request header field Cache-Control is not allowed by Access-Control-Allow-Headers. 

I think for the extension to be useful to a lot of people it should resolve this scenario too (if possible). Since the value cannot be a wildcard, perhaps the extension could be configurable to set some headers which need to be in the Access-Control-Allow-Headers value?

In the above case it's actually a pretty common header for forcing proxies etc. to give a fresh response. However, my application sets various other custom request headers too. At the moment I'm having to launch Chrome with the --disable-web-security flag, which is pretty nasty.


mhahmadi commented on August 17, 2024

The extension is supposed to address this scenario. Are you sending lots of requests at the same time (possibly with different custom headers)? I suggest you test your scenario in isolation.

To test the extension I use the following Express snippet for the backend:
https://gist.github.com/mhahmadi/56bfacd1da00f668a90e

And in the Chrome console:

// Cross-origin GET with a custom request header, so the browser sends a preflight (OPTIONS) first
var xmlhttp = new XMLHttpRequest();
xmlhttp.open("GET", "http://localhost:3000");
xmlhttp.setRequestHeader('cache-control', 'no-cache');
xmlhttp.send();


mikehayesuk commented on August 17, 2024

I have updated my local background.js from master and it is now working (although I now have a different issue but that's unrelated to this one).

The background.js packaged with the extension on the Chrome Web Store is out of date then it seems!

Thanks

from access-control-allow-origin.
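
The preflight exchange discussed in this thread can also be answered by the development API itself with an explicit header list, which removes the need for the extension or for --disable-web-security. The following is an added example, not code from the extension or its author; the function name, the POLICY object and the sample request are assumptions constructed from the ports and header mentioned above.

```javascript
// Added example: allow-list based CORS preflight decision for a dev API.
// POLICY values are constructed from the ports and header named in the thread.
const POLICY = {
  origins: new Set(['http://localhost:9000']),
  headers: new Set(['cache-control', 'content-type']),
  methods: new Set(['GET', 'POST']),
};

// Returns the response headers for an OPTIONS preflight, or null to refuse it.
// `req` holds lower-cased request header names, as Node's http module provides.
function preflightHeaders(req, policy = POLICY) {
  const origin = req['origin'];
  const method = req['access-control-request-method'];
  if (!origin || !policy.origins.has(origin)) return null;
  if (!method || !policy.methods.has(method)) return null;

  // Header names are case-insensitive; the browser sends them comma-separated.
  const requested = (req['access-control-request-headers'] || '')
    .split(',')
    .map((h) => h.trim().toLowerCase())
    .filter(Boolean);
  const denied = requested.filter((h) => !policy.headers.has(h));
  if (denied.length > 0) return null; // one unlisted header fails the preflight

  const res = {
    'Access-Control-Allow-Origin': origin, // echo the vetted origin only
    'Access-Control-Allow-Methods': method,
    Vary: 'Origin, Access-Control-Request-Method, Access-Control-Request-Headers',
  };
  // Name exactly the headers that were requested and are on the allow-list.
  if (requested.length > 0) {
    res['Access-Control-Allow-Headers'] = requested.join(', ');
  }
  return res;
}

// Constructed sample: the preflight for the Cache-Control request in the thread.
const sample = {
  origin: 'http://localhost:9000',
  'access-control-request-method': 'GET',
  'access-control-request-headers': 'cache-control',
};
console.log(preflightHeaders(sample));
```

In an HTTP server, call it for OPTIONS requests and send the returned headers with a 204, or refuse the request when it returns null.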
