CODEWITHSUNDEEP
web-applicationsgoogle-chrome-extensioncors
Peter
Peter

Reputation: 4701

Why is CORS working? I expected it to fail

I want to understand how CORS is working in this case without any server side configuration on my part (full network timeline screenshot below)

I'm working on a web app that started out as a Chrome extension prototype. It has a chrome manifest like this

{
    "name": "How to lose clients and annoy coworkers",
    "description": "Useful tips for more unproductive living",
    "version": "0.2",
    "chrome_url_overrides": {
        "newtab": "index.html"
    },
    "options_ui": {
        "page": "options.html",
        "chrome_style": true
    },
    "icons": {
        "16": "images/all-skin-types-16x16.png",
        "48": "images/all-skin-types-48x48.png",
        "128": "images/all-skin-types-128x128.png"
    },
    "manifest_version": 2,
    "permissions": [
        "storage",
        "tabs",
        "https://sheetsu.com/apis/2e55358e/*"
    ]
}

I then decided to make it into a web based app expecting to have to solve the issue of making requests to https://sheetsu.com/apis/2e55358e/* which is a Google Spreadsheet backend. But it works without any changes in Chrome and Firefox. I tried to make another request to Twitter and that failed.

I thought maybe it was because of the [Chrome extension manifest.json][3] but when I added https://twitter.com to the permissions list, it still failed.

enter image description here

And I was also able to make a POST request to https://sheetsu.com/apis/2e55358e

Upvotes: 0

Views: 39

Answers (1)

minj
minj

Reputation: 2188

Access-Control-Allow-Origin @ https://sheetsu.com/apis/2e55358e has your domain listed (iampeterbanjo.github.io) but twitter.com does not.

Upvotes: 1

Related Questions