Closed ben-kaufman closed 5 years ago
Firefox uses a different UUID for each installation, so we're not able to whitelist a specific 'moz-extension://XXXX' like we could with Chrome.
Thanks for the reply @stridentbean. Yes you are right that the ID is randomly generated per user thus it won't be possible to whitelist it in the CORS (at least not without opening it to opening the CORS to all moz-extension://
).
However, it is possible to bypass that by asking for permission from the extension manifest. I have opened a PR for that in the Extension repo: https://github.com/Casa/Casa-Extension/pull/2
I would appreciate if you could review that PR.
The Casa Firefox extension is not whitelisted in the cors.js file (https://github.com/Casa/Casa-Node-Manager/blob/master/middlewares/cors.js#L3), this causes the extension API calls to be blocked.