Elaborate on open questions regarding CORS of browser extensions

2025-09-01 10:09:50 +00:00 · 2022-08-01 11:04:12 +02:00 · 2022-08-01 11:04:12 +02:00 · 5bf056e584
commit 5bf056e584
parent 119dbaef97
1 changed files with 4 additions and 1 deletions
--- a/api/router.go
+++ b/api/router.go
@ -144,7 +144,10 @@ func (mh *mainHandler) handle(w http.ResponseWriter, r *http.Request) error {
 			// Origin (without port) matches Host.
 		case originURL.Scheme == "chrome-extension":
 			// Allow access for the browser extension
-			// TODO(ppacher): can we improve that check here?
+			// TODO(ppacher):
+			// This currently allows access from any browser extension.
+			// Can we reduce that to only our browser extension?
+			// Also, what do we need to support Firefox?
 		case devMode() &&
 			utils.StringInSlice(allowedDevCORSOrigins, originURL.Hostname()):
 			// We are in dev mode and the request is coming from the allowed