[BUG] CORS Exclusion rules or some fix? #42

Closed
opened 2026-01-19 18:32:00 +00:00 by michael · 6 comments

Originally created by @uhlhosting on GitHub.

I just enabled CORS in the Kutt deployment for security testing. What is super funny is that the plugin works fine from Firefox:
image

Not working from Chrome / Opera.

```
_generated_background_page.html:1 Access to XMLHttpRequest at 'https://uhl.site/api/url/submit' from origin 'chrome-extension://hjfddajaffgcaickfkfdapafihjbcacl' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: The 'Access-Control-Allow-Origin' header has a value 'https://uhl.site' that is not equal to the supplied origin.
uhl.site/api/url/submit:1 Failed to load resource: net::ERR_FAILED
```

@abhijithvijayan commented on GitHub:

@uhlhosting Please supply `http` or `https` to the devMode URL. The extension requests permission to all `http` and `https` URLs.


@uhlhosting commented on GitHub:

The idea is this: what location exclusion should I have to add into CORS to have Chrome and Opera working, while, like I said, Firefox works fine? I am not sure what Firefox does, yet it simply works.


@uhlhosting commented on GitHub:

I did supply https: .


@abhijithvijayan commented on GitHub:

> The idea is this, what location exclusion should I have to add into CORS, to have the Chrome and Opera working, while like I said Firefox works fine. I am not sure what firefox does, yet it simply works.

This issue is only in development mode of Kutt, right?

And the error shows that you have only enabled CORS via the core domain. In order to make the extension bypass CORS, you have to enable CORS from every source. Make changes to Kutt itself.

`The 'Access-Control-Allow-Origin' header has a value 'https://uhl.site'`

This is not the issue with the extension.


@uhlhosting commented on GitHub:

I am just wondering what is the incoming source for chrome so that it could be excluded.


@abhijithvijayan commented on GitHub:

> I am just wondering what is the incoming source for chrome so that it could be excluded.

From what I guess, CORS must be allowed to all the source endpoints in order to make this work.

Also, did you test the API using some API client like Postman or Insomnia in the development mode?
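
The preflight failure reported in this thread is an exact string comparison between the request's `Origin` and the `Access-Control-Allow-Origin` response header. As an added example (not Kutt's or the extension's own code; the function names and the allowed methods and request headers are assumptions), a server-side allowlist that echoes back only known origins, including the extension origin shown in the error message, rather than a single fixed value:

```javascript
// Added example: per-origin CORS allowlist. Names are hypothetical, not Kutt's code.
const ALLOWED_ORIGINS = new Set([
  'https://uhl.site', // the site's own origin, from the error message
  'chrome-extension://hjfddajaffgcaickfkfdapafihjbcacl', // extension origin, from the error message
]);

// The browser-side rule behind the console error: the header value must equal
// the request's Origin exactly, or be the wildcard "*".
function browserAccepts(allowOriginHeader, requestOrigin) {
  return allowOriginHeader === '*' || allowOriginHeader === requestOrigin;
}

// Build the CORS response headers for one request.
// Origins that are not allowlisted get no Access-Control-Allow-Origin header,
// so the browser blocks the cross-origin read.
function corsHeaders(requestOrigin, method) {
  const headers = { Vary: 'Origin' }; // caches must key the response on Origin
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) {
    return headers;
  }
  headers['Access-Control-Allow-Origin'] = requestOrigin; // echo exact match only
  if (method === 'OPTIONS') {
    // Preflight response: methods and headers here are assumed values.
    headers['Access-Control-Allow-Methods'] = 'GET, POST, OPTIONS';
    headers['Access-Control-Allow-Headers'] = 'Content-Type, X-API-Key';
  }
  return headers;
}

// Constructed check reproducing the thread: fixed header vs. extension origin.
function reproducesReportedFailure() {
  const ext = 'chrome-extension://hjfddajaffgcaickfkfdapafihjbcacl';
  const fixedHeader = 'https://uhl.site'; // value quoted in the error message
  const before = browserAccepts(fixedHeader, ext); // false: preflight blocked
  const after = browserAccepts(
    corsHeaders(ext, 'OPTIONS')['Access-Control-Allow-Origin'], ext); // true
  return { before, after };
}
```

An unpacked or self-built extension gets a different extension ID, so the `chrome-extension://` entry has to match the ID of the build actually installed.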

Reference: thedevs-network/kutt-extension#42