Reputation: 269
Origin header in Chrome Extension
I have my api running on node js, where for security reasons, I have set up a middle ware function check the origin header, if it is from my website, then only the api should go ahead. I am finding issues with Chrome Extension, as it does not pass the origin header in the get requests, also in the put requests, it sends something like chrome:// as the origin header. Can somebody help?
Regards, Manik Mittal
Upvotes: 7
Views: 7729
Answers (2)
Reputation: 10453
If you add in your manifest.json "permissions": ["https://*/"] you shouldn't have problems with CORS. Or if you want only your API to avoid this, just add your own url.
Upvotes: -1
Reputation: 77521
Well, that's how Chrome sets the Origin for extensions. It's not simple to override.
It is, however, possible to override. You'll need to use the webRequest API, specifically a blocking response to onBeforeSendHeaders, to rewrite the origin to whatever you like.
Upvotes: 5
Related Questions
- SecurityError: Blocked a frame with origin from accessing a cross-origin frame
- Why does my JavaScript code receive a "No 'Access-Control-Allow-Origin' header is present on the requested resource" error, while Postman does not?
- How to manually send HTTP POST requests from Firefox or Chrome browser
- Origin <origin> is not allowed by Access-Control-Allow-Origin
- Disable same origin policy in Chrome
- How do I get ASP.NET Web API to return JSON instead of XML using Chrome?
- CORS: Cannot use wildcard in Access-Control-Allow-Origin when credentials flag is true
- Disabling Chrome cache for website development