search

hoppscotch / hoppscotch-extension

🧩 Browser extensions to provide more capabilities to https://hoppscotch.io
https://hoppscotch.io
MIT License
254 stars 95 forks source link

Still getting CORS errors #50

Closed bibhas2 closed 3 years ago

bibhas2 commented 3 years ago

I have installed the extension in Chrome. It's not clear exactly how to use this. This is what I have done:

I have added my local server to the list.

image

I have added the local server to the active origins.

image

I am still getting CORS error when I send a request to localhost:8080.

liyasthomas commented 3 years ago

Can you make sure that you've turned on "Extension mode" from Hoppscotch > Settings > Extensions section "Use browser extension to send requests".

Let me know if it solves your issue.

AndrewBastin commented 3 years ago

Is http://localhost:8080/ the server you are trying to connect to or a locally hosted Hoppscotch instance ?

The "Active Origins" list is for the extension to decide which all pages to hook to. The extension hooks some extra functions into the JS context of the pages defined in the list.

bibhas2 commented 3 years ago

Can you make sure that you've turned on "Extension mode" from Hoppscotch > Settings > Extensions section "Use browser extension to send requests".

This was enabled by default already.

bibhas2 commented 3 years ago

Is http://localhost:8080/ the server you are trying to connect to

Yes, that is a locally running web server.

bibhas2 commented 3 years ago

I managed to get things working by giving site access for all sites. I don't know what that means. But it does not appear a very secure thing to do. I am running into significant mental friction with this tool. I have used Postman and other tools including something I had developed. May be better documentation will help. It's very common for developers to be able to test non-CORS enabled services.

image

liyasthomas commented 3 years ago

We're making a documentation site for Hoppscotch. It'll be released soon. Glad it got sorted out at you end.

AndrewBastin commented 3 years ago

@bibhas2

Yes, there is a lack of documentation right now, sorry about that.

But, just for your information, the "Site access" setting on Chrome is for which all pages the extension has access to, not the pages which the extension can send the request to (basically, the extension hooks add extra CORS-overriden request functions to the origins defined in the Active Origins list of the extension). So your Hoppscotch instance origin should be in the Site Access list and the Active Origins list in the extension popup.

We take security concerns really seriously and have taken precautions (which resulted in the Active Origins list in the first place) to make sure the extension is not exploited.

jk2K commented 3 years ago

Not work for Realtime: SSE