How to make CORS request if the "origin" is "chrome://extension"? #5199
Comments
|
You can control the random id which is the domain in chrome-extension protocol by specifying domain in your package.json |
|
Thank you for your comments, exactly explains my concerns. My bad, I did not see that option in the document! If the random id can be controlled, server side may use that to define who is allowed at least... |
|
in case anyone else comes across this. here are the current docs describing the manifest settings needed: |
Closed
2 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
In nwjs, how did you make CORS request? The issue is that, when making http request with xmlhttprequest, from the devtool of nwjs, I see the request header as below:
Origin:chrome-extension://mhfmojjfekkpkakpnhchfafkdbloaekl
In this case, how can we allow this in server side (except allow all with "Access-Control-Allow-Origin: *" which is not safe for server side)??? Also, nwjs does not allow me to change value of "origin", is it necessary to disallow it?
request.setRequestHeader("Origin", "xxx"); // Error: Refused to set unsafe header "Origin"
I found #1734 but did not figure out how it was fixed. I've also tried ""chromium-args": "--disable-web-security"", but still same...
Please share your idea how you handle this in your nwjs application. Thanks very much.
By the way, how is the "extension id" (chrome-extension://mhfmojjfekkpkakpnhchfafkdbloaekl) generated by nwjs? random value?
The text was updated successfully, but these errors were encountered: