Open eloquence opened 3 years ago
This has bitten me before, too. Easy to reproduce if you browse to http://localhost:8080 :
However, if you browse to http://127.0.0.1:8080, then the problem doesn't occur:
I believe that's caused by the 127.0.0.1
value being hardcoded in places like https://github.com/freedomofpress/securedrop/blob/08068350941d22e02e8f041ffcb958635da704db/securedrop/static/js/messaging.js#L131
When attempting to log in as a source in Firefox or Chrome using the
signal-proto-focal
server branch, I get the following CORS errors on the console. Firefox error output:(I was able to get it to work by forcibly disabling CORS checks via a browser extension.)