vikarti.anatra/safing-portbase
1
0
Fork 0
mirror of https://github.com/safing/portbase synced 2025-09-04 11:40:23 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Elaborate on open questions regarding CORS of browser extensions

Browse source
This commit is contained in:
Daniel 2022-08-01 11:04:12 +02:00
parent 119dbaef97
commit 5bf056e584
1 changed files with 4 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
api/router.go
View file

@ -144,7 +144,10 @@ func (mh *mainHandler) handle(w http.ResponseWriter, r *http.Request) error {
// Origin (without port) matches Host. // Origin (without port) matches Host.
case originURL.Scheme == "chrome-extension": case originURL.Scheme == "chrome-extension":
// Allow access for the browser extension // Allow access for the browser extension
// TODO(ppacher): can we improve that check here? // TODO(ppacher):
// This currently allows access from any browser extension.
// Can we reduce that to only our browser extension?
// Also, what do we need to support Firefox?
case devMode() && case devMode() &&
utils.StringInSlice(allowedDevCORSOrigins, originURL.Hostname()): utils.StringInSlice(allowedDevCORSOrigins, originURL.Hostname()):
// We are in dev mode and the request is coming from the allowed // We are in dev mode and the request is coming from the allowed