Feature request: per host activation

Question

Feature request: per host activation

Closed this issue 7 years ago · 7 comments

Sometimes I may forgot this add on is enabled and it may be a security risk for my daily browsing.

It would be nice to have a feature to enable this addon per host. This way, CORS will be disabled only for custom domain/hosts, e.g. "localhost:4444" or "my.example.com" etc.

Answer 1 · 2018-05-23T18:07:27.000Z

Similar to #7, will try to finally work on it.
Although to make my life easier it will probably be a regex filter on host url, which should prove more versatile anyway.

Answer 2 · 2018-05-25T18:59:21.000Z

Note that this feature might have a potential performance impact since the addon remains active and each request has to be checked against the whitelist.

Answer 3 · 2018-05-28T13:23:33.000Z

@spenibus makes sense. I think that the feature should be optional. It would be worse to let undesired requests to be CORSed.

Answer 4 · 2018-05-28T17:09:38.000Z

Of course, host detection is a secondary step. You still need to enable the addon first.

Answer 5 · 2018-05-30T19:03:17.000Z

Implemented since 0ffa51e.

Answer 6 · 2018-05-30T19:24:35.000Z

good work! :)

Answer 7 · 2018-05-30T19:30:43.000Z

Version 18.5.30.1913 has been pushed to AMO. CORS Everywhere on AMO