search

trapias / TrelloExport

Chrome extension to export Trello boards to Excel, Markdown, HTML, OPML and CSV
MIT License
127 stars 27 forks source link

Please set the origin for XMLHttpRequests #86

Closed awgneo closed 1 year ago

awgneo commented 3 years ago

Hello,

Could an origin be set for XMLHttpRequests? It seems that GitLab pages are sensitive to this for generating the Access-Control-Allow-Origin header. See the below screenshots. I think this is all that would be required to avoid this browser security policy.

Thanks, Alex

Screen Shot 2021-07-02 at 3 04 34 PM Screen Shot 2021-07-02 at 3 07 23 PM
trapias commented 3 years ago

@awgneo I don't understand what you need, is this related to TrelloExport?

awgneo commented 3 years ago

@trapias yes sorry I just realized this had minimal context. When setting the style sheet and template set the above is an issue with most recent versions of Chrome.

Screenshot_20210715-122651_Docs.jpg

trapias commented 3 years ago

@awgneo ah ok now I got it 😆 I made a test and could reproduce the error:

Access to XMLHttpRequest at 'https://castleberry-point.gitlab.io/trello/minutes.json' from origin 'https://trello.com' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. The point is "No 'Access-Control-Allow-Origin' header is present on the requested resource": if I'm not wrong this means that the server we're calling should add this header in its response, see for example this https://stackoverflow.com/questions/20035101/why-does-my-javascript-code-receive-a-no-access-control-allow-origin-header-i and https://web.dev/cross-origin-resource-sharing/.

Can you add this header (Access-Control-Allow-Origin: *) to that server?

Alberto.

awgneo commented 3 years ago

@trapias GitLab Pages (which I am using to host my templates for free) in particular only adds "Access-Control-Allow-Origin: *" to the response if an "Origin" header is sent in the request as per my curl examples in the original post :) Therefore, I think this is something that has to happen within this extension? This is directly related to the error message in the other recently reported issue https://github.com/trapias/TrelloExport/issues/87.

trapias commented 3 years ago

@awgneo I came back to the issue, but still could not solve. If I try to set the origin header, I get this error:

SyntaxError: Failed to execute 'setRequestHeader' on 'XMLHttpRequest': 'Origin:' is not a valid HTTP header field name.

I'm stuck with this, trying to understand how to solve.

awgneo commented 3 years ago

@trapias thank you for attempting :) I actually have some time this week to help you resolve. I will try to get back to you here by Friday. Cheers.

trapias commented 2 years ago

@awgneo I just could solve a problem with loading a CSS by using Statically as described here https://blog.mergify.com/how-to-serve-static-files-from-github/ - what about trying to load templates like this?

trapias commented 1 year ago

@awgneo finally solved!