• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    公众号

spenibus/cors-everywhere-firefox-addon: A firefox addon enabling CORS everywhere ...

原作者: [db:作者] 来自: 网络 收藏 邀请

开源软件名称:

spenibus/cors-everywhere-firefox-addon

开源软件地址:

https://github.com/spenibus/cors-everywhere-firefox-addon

开源编程语言:

JavaScript 72.6%

开源软件介绍:

CORS Everywhere

This is a firefox addon that allows the user to enable CORS everywhere by altering http responses.

Note

  • It is important to understand that this addon does not actually disable any kind of security within Firefox. It merely alters http requests to make the browser believe the server has answered favorably. This means the http requests have to be valid and follow the CORS rules.
  • This addon is now a WebExtension.
  • Android is untested therefore not officially supported. Android platform support #15
  • In Firefox 74.0, the addon can not operate on local files (using the file:/// protocol). This is apparently fixed in 75.0. Firefox 74.0 #32

Usage

The addon's functionality can be toggled with the included button and is disabled by default. The button can be found by right-clicking a toolbar and choosing customize. It is labelled CorsE and has 3 states:

  • red, addon is disabled, CORS rules are upheld.
  • green, addon is enabled, CORS rules are bypassed.
  • green/red, addon is enabled and using the activation whitelist, CORS rules are bypassed when the origin url matches a filter in the whitelist.

A basic CORS test is available in the repository at ./_test/cors-everywhere-test.html.

Intended for developers. Use at your own risk.

Options

Available in about:addons.

  • Enabled at startup Enables this addon on startup.
  • Force value of "access-control-allow-origin" Self explanatory.
  • Activation whitelist When the addon is enabled, this will check the origin url against the whitelist to decide if headers will be modified. Uses regular expressions.

FAQ

  • The addon is enabled but the requests return content as if no user was logged in the target domain. Try using withCredentials.
  • Localhost CORS requests over HTTPS may fail with An error occurred: SEC_ERROR_UNKNOWN_ISSUER in the Security tab of the Network tab in Dev Tools. This can happen when developing both a web server on localhost and a "back-end" server also on localhost, but at a different port. A certificate exception is required for both localhost ports. Example: if your web server is https://localhost:3000/ then you've already added a certificate exception for the web server or you couldn't be debugging it or making CORS requests from it. But you'll also need to add a separate cert exception for your localhost "back-end" server's port, e.g. https://localhost:4000/. An easy way to do this is:
    • Right-click on the failed CORS request in Dev Tools.
    • Choose "Open in New Tab".
    • You'll see the usual Warning: Potential Security Risk Ahead" page.
    • Click "Advanced".
    • Click "Accept the Risk and Continue" to add the certificate exception.
    • Your localhost CORS requests will now work over TLS (aka SSL).



鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap