
Download Cors Extension For Firefox

Newsgroups comp.lang.basic.visual.misc
Date 2023-12-31 07:01 -0800
Message-ID <6701115c-9a10-4415-9b87-91c9154d99fbn@googlegroups.com> (permalink)
Subject Download Cors Extension For Firefox
From Sharmaine Kass <kasssharmaine@gmail.com>



If, like me, you were (successfully) specifying the port while working with Chrome (i.e. :4000/*), it will not work with Firefox. You need to use * instead, which works with both Chrome and Firefox.


Firefox 87 allows this non-compliant behavior to be enabled by setting the preference: network.cors_preflight.allow_client_cert to true (Firefox bug 1511151). Chromium-based browsers currently always send TLS client certificates in CORS preflight requests (Chrome bug 775438).









window.postMessage is available to JavaScript running in chrome code (e.g., in extensions and privileged code), but the source property of the dispatched event is always null as a security restriction. (The other properties have their expected values.)


It is not possible for content or web context scripts to specify a targetOrigin to communicate directly with an extension (either the background script or a content script). Web or content scripts can use window.postMessage with a targetOrigin of "*" to broadcast to every listener, but this is discouraged, since an extension cannot be certain of the origin of such messages, and other listeners (including those you do not control) can listen in.




When we decided to move to WebExtensions in 2015, it was a long term bet on cross-browser compatibility. We believed then, as we do now, that users would be best served by having useful extensions available for as many browsers as possible. By the end of 2017 we had completed that transition and moved completely to the WebExtensions model. Today, many cross-platform extensions require only minimal changes to work across major browsers. We consider this move to be a long-term success, and we remain committed to the model.


In 2018, Chrome announced Manifest v3, followed by Microsoft adopting Chromium as the base for the new Edge browser. This means that support for MV3, by virtue of the combined share of Chromium-based browsers, will be a de facto standard for browser extensions in the foreseeable future. We believe that working with other browser vendors in the context of the WECG is the best path toward a healthy ecosystem that balances the needs of its users and developers. For Mozilla, this is a long term bet on a standards-driven future for WebExtensions.


Another core part of extensions are content scripts, to directly interact with web pages. We are blocking unsafe coding practices and are offering more secure alternatives to improve the base security of extensions: string-based code execution has been removed from extension APIs. Moreover, to improve the isolation of data between different origins, cross-origin requests are no longer possible from content scripts, unless the destination website opts in via CORS.






Mozilla will maintain support for blocking WebRequest in MV3. To maximize compatibility with other browsers, we will also ship support for declarativeNetRequest. We will continue to work with content blockers and other key consumers of this API to identify current and future alternatives where appropriate. Content blocking is one of the most important use cases for extensions, and we are committed to ensuring that Firefox users have access to the best privacy tools available.


In launching our Developer Preview program for Manifest v3, our hope is that authors will test out our MV3 implementation to help us identify gaps or incompatibilities in our implementation. Work is continuing in parallel, and we expect to launch MV3 support for all users by the end of 2022. As we get closer to completion, we will follow up with more detail on timing and how we will support extensions through the transition.


As a member of the W3 browser extension group.

It is good to hear that you will support the persistent background page for MV3. So my Turn Off the Lights Firefox extension can continue to deliver the support of my accessibility feature for my Firefox users.


Just to clarify, MV3 will receive support for event pages, not *persistent* background pages. They share mostly the same set of APIs, but extensions built on event pages should be designed to be resilient against inevitable termination. This reflects the reality where the browser does not always have a choice in whether to keep an extension process alive.


Most of the current user script extensions have a suboptimal security architecture, because all user scripts are executed in the same environment as the content script. Because the underlying primitive (string-based code execution in content scripts) has been removed, user script managers can currently not be ported to MV3.


We are looking for a way to allow user script managers to continue working, ideally in a more secure way. While we already had a userScripts API, its API would have to change to stay reliable in MV3. Since the API had to change anyway, we are re-examining its design, in the hopes of reaching an interoperable API that enables extension developers to build cross-browser user script managers.


Taking away persistent background pages is one of the most idiotic architectural changes I have ever heard of. The power of many extensions is based on the fact that they can process lots of data and keep it cached in the background page enabling fast UI and access. If you have to reparse and reprocess this data all the time, performance of the application becomes unacceptable.


I was able to get the basemaps to work again with Chrome (I had to delete cache several times and log out and log back in) but I am still having an issue with Firefox. My AGOL map is not public but here is a link to our public map where the ESRI basemaps currently do not show up in Firefox. The issue has to do with CORS (cross origin request). I have the CORS extension and plugin enabled for Chrome and Firefox.


I bet if you add and enable the CORS extension in your Google Chrome browser the ESRI basemaps will work. As far as it working with the web application, are you using an out of the box web app template? If so, it's possible that within the configuration files there is a line in the code that fixes the CORS issue.


This is ONLY happening in Chrome. I have tried clearing the cache. I even uninstalled and reinstalled Chrome. I tried the CORS extension. Since it is clearly not a problem with our account, I have not even considered making any modifications to ArcGIS Online (I am an administrator but do not have call authority so esri tech support can't talk to me). Since I am able to do everything with no problems in Microsoft Edge at home as well as on my laptop in Chrome and on the school computer I use for teaching class, this is clearly limited to just Chrome on my desktop. Unfortunately, my desktop is my prime work station for all lesson planning, and I heavily use ArcGIS Online in my classes. I am very hamstrung at this point.


Today I upgraded xwiki 13.10.5 to 14.10.2. During the process I had to switch over to tomcat9 with openjdk-11.

Now I have several problems (in different topics).

One problem is the CORS error I get if I want to update extensions.


A content script is a part of your extension that runs in the context of a particular web page (as opposed to background scripts which are part of the extension, or scripts which are part of the website itself, such as those loaded using the `<script>` element).


There is only one global scope per frame, per extension. This means that variables from one content script can directly be accessed by another content script, regardless of how the content script was loaded.


Note: Dynamic JS module imports are now working in content scripts. For more details, see Firefox bug 1536094. Only URLs with the moz-extension scheme are allowed, which excludes data URLs (Firefox bug 1587336).


Both host permissions and the activeTab permission have exceptions for some domains. Content scripts are blocked from executing on these domains, for example, to protect the user from an extension escalating privileges through special pages.


Note: Because these restrictions include addons.mozilla.org, users who try to use your extension immediately after installation may find that it doesn't work. To avoid this, you should add an appropriate warning or an onboarding page to move users away from addons.mozilla.org.


Note: In Firefox in Manifest V2, content script requests (for example, using fetch()) happen in the context of an extension, so you must provide an absolute URL to reference page content.


Content scripts get the same cross-domain privileges as the rest of the extension: so if the extension has requested cross-domain access for a domain using the permissions key in manifest.json, then its content scripts get access to that domain as well.


Note: When using Manifest V3, content scripts can perform cross-origin requests when the destination server opts in using CORS; however, host permissions don't work in content scripts, but they still do in regular extension pages.


Note: In Firefox in Manifest V2, extensions that need to perform requests that behave as if they were sent by the content itself can use content.XMLHttpRequest and content.fetch() instead.


