-
Notifications
You must be signed in to change notification settings - Fork 324
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Origin header set to null causing 403 by IPFS API #955
Comments
Thanks - we'll look in more detail in our next triage session. |
I'll look deeper into this in next two weeks, but can confirm something changed in Firefox 85
In 2018, we had similar issues related to the way browsers handle XHR HTTP requests sent from the background page of our browser extension (#622, #616), this could be Firefox trying to align with what Chromium does, or a bug (or both). Additional research is needed, but I'm marking this as P0 because if breaks Companion in Firefox 85+ |
Closes #955 and refactors the way we detect requests coming from the Companion extension to be independent from the brittle Origin HTTP header. Instead, we now inspet request via lower level WebExtension API. Added tests for both Firefox in Chromium.
Closes #955 and refactors the way we detect requests coming from the Companion extension to be independent of the brittle Origin HTTP header. Instead, we now inspect request via lower level WebExtension API.
A fix for Firefox 85+ shipped to Beta channel: v2.16.0.990. |
have the same problem like #952 |
Describe the bug
There seems to be a regression akin to #622.
On my Windows box with Firefox 85.0b4 (not on the Linux one with 84.0.1 though) this has persisted for some time (a week or two?).
Checking the debugging tools the Windows box sends
Origin: null
(being rejected by IPFS with a 403, unless I add "null" as a CORS domain, my current workaround) while the Linux box still sendsOrigin: http://127.0.0.1:5001
.To Reproduce
Expected behavior
I'd expect the origin to match the localhost-ish domain, thereby passing the validation.
Desktop
The text was updated successfully, but these errors were encountered: