Open MalteJac opened 2 years ago
Yes, I'm experiencing the same issue as well. And I've managed to figure out the cause and have successfully resolved it.
Today is my first day to Hoppscotch and I found when using Hoppscotch via hoppscotch.io in Firefox 120 with browser extension 0.28 (December 14, 2023) as middleware activated, the requests sent from Hoppscotch would still have the Origin
header with value moz-extension://...
.
We may confirm this by sending request to echo.hoppscotch.io
or httpbin to examine the actual header sent.
... So, it could still trigger CORS restriction. Hmm... Did I miss any settings?
I couldn't find any useful information in the documentation or the issues. It's highly likely that this issue is specific to Firefox, which is used by few people, so it's not surprising to see that there isn't much feedback.
After some research, I found this issue relates to Firefox security policy.
The issue is about host permissions, in MV3, they’re not granted automatically on install, but instead user needs to grant them at some point. — https://discourse.mozilla.org/t/can-not-use-cross-origin-requests-from-an-mv3-addon-background-script-on-nightly-v102/97603
This made me understand why.
It turn out that before sending the request in Hoppscotch, I had to open the target site (domain, host) in a new tab and right-click on the extension to authorize "Extension Can Read and Change Data: Always allow on \<host>" to the extension.
Only after that, the request sent in Hoppscotch will not be cross-site.
Finally, I realized that it is possible to grant the extension access to ALL websites in Add-ons Preference page (about:addons
) manually.
Hope this helps.
Maybe it would be nice if we could include a note about this issue in the documentation, README, or description in the market.
Hey, similar to #50 I am not able to send a proper request to get an Azure Bearer Token, which works absolutely fine with PostMan. I activated the addon usage (Firefox) in the Hoppscotch setting. I'm not self-hosting, thus using https://hoppscotch.io/