cors

How to make a cross-origin request in a content script (currently blocked by CORB despite the correct CORS headers)?

by

Based on the examples in “Changes to Cross-Origin Requests in Chrome Extension Content Scripts”, I replaced all invocations of fetch with a new method fetchResource, that has a similar API, but delegates the fetch call to the background page: // contentScript.js function fetchResource(input, init) { return new Promise((resolve, reject) => { chrome.runtime.sendMessage({input, init}, messageResponse => … Read more

$http request doesn’t send cookies cross-domain in angular CORS

by

Have you seen this? Communication between AngularJS and a Jersey Webservice which are on a different domain. Can’t access correct session Try passing a config object to $http that specifies withCredentials, that should work in all versions. $http({withCredentials: true, …}).get(…) And the discussion here: https://github.com/angular/angular.js/pull/1209

Go gin framework CORS

by

FWIW, this is my CORS Middleware that works for my needs. func CORSMiddleware() gin.HandlerFunc { return func(c *gin.Context) { c.Writer.Header().Set(“Access-Control-Allow-Origin”, “*”) c.Writer.Header().Set(“Access-Control-Allow-Credentials”, “true”) c.Writer.Header().Set(“Access-Control-Allow-Headers”, “Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With”) c.Writer.Header().Set(“Access-Control-Allow-Methods”, “POST, OPTIONS, GET, PUT”) if c.Request.Method == “OPTIONS” { c.AbortWithStatus(204) return } c.Next() } }

Getting Spotify API access token from frontend JavaScript code

by

I believe the issue here is that you’re attempting to retrieve JSON data from the endpoint where you should direct your users. So instead of making a request to it, you should supply a button on your page that links to your https://accounts.spotify.com/authorize/{…} URL. The user will proceed to give your application the permissions you’ve … Read more

CORS and Google Maps Places Autocomplete API calls [duplicate]

by

The supported way to call the Place Autocomplete API from a web app is using the Places library: <script> function initMap() { var map = new google.maps.Map(document.getElementById(‘map’), { center: {lat: -33.8688, lng: 151.2195}, zoom: 13 }); … map.controls[google.maps.ControlPosition.TOP_RIGHT].push(card); var autocomplete = new google.maps.places.Autocomplete(input); autocomplete.bindTo(‘bounds’, map); var infowindow = new google.maps.InfoWindow(); var infowindowContent = document.getElementById(‘infowindow-content’); infowindow.setContent(infowindowContent); … Read more

Ajax call bug with Chrome new version 73.0.3683.75?

by

I had the same problem after upgrade to Chrome 73. Thanks to @wOxxOm This is the workaround until now: Go to chrome://flags Disabled the Enable network service UPDATE: This is not a bug, according to this announcement: https://www.chromium.org/Home/chromium-security/extension-content-script-fetches You will need to put the Cross-Origin Fetches to the background script instead of the content script.