Firefox 74.0
cag014 opened this issue · 27 comments
Doesn't work on new 74.xxx release.
Please help
Just checked cors-everywhere-test using Firefox 74.0 and it works. Gonna need more info.
waiting for xmlHttpRequest
readyState: 2 status: 200
readyState: 3 status: 200
readyState: 4 status: 200
Monitoring network I do receive status 200, but no response in my java-script and on console there is an error:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://hc3-00000138.local/api/globalVariables/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Here is the code in java-script (very simple)
var xhr = new XMLHttpRequest(); xhr.withCredentials = true;
xhr.open("GET",uri,true);
xhr.send();
See attachments.
By the way have copied your test code and run it ... doesn't work either!?
What I'm doing wrong?
Could be a mixed protocol issue when calling http:// from file:///. Sounds like the kind of thing they would block.
Any workaround for that?
Thanks
No idea at this point.
Since the addon doesn't really disable CORS but only spoofs the requests to make them look legit, anything that is disallowed by design is likely impossible to break. Advanced settings have to be investigated but I wouldn't expect much, considering they never bothered to offer a switch to disable security measures in the first place.
OK.
Thank you for your time... back to Chrome
You're absolutely correct... Firefox blocks file://
Have run this files via my router and it works now.
Thanks for a tip.
Hello,
Let me add my two cents.
Since new update to Firefox 74.0 I have a problem with two things:
Reason: CORS header 'Access-Control-Allow-Origin' missing
(https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSMissingAllowOrigin)
and
Reason: CORS request did not succeed
(https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/CORSDidNotSucceed)
This is when I use my file:// version of the site, however my online version works fine - there is no problem with CORS. Looks like Firefox blocks somehow file:// connected with http/s since 74.0.
Looks like the header injection just stops working in local mode. I fear there isn't much to do about it.
Thank for checking out the problem...
Hope Firefox will reverse this decision on next release
That's very optimistic considering what Mozilla has been doing in recent years.
mhm, I have a similar addon, it's the same.
FF just doesn't call the handlers 'onBeforeSendHeaders' and 'onHeadersReceived' on local pages (file:///) anymore.
I'm unable to find CORS everywhere add-on for mobile!?
Am I missing something?
Untested on mobile so not officially available. You can probably force the install though, can't remember having ever tried. See #15.
Just tried with Firefox 75 and the online test still works.
Wow, yes it works... so they did it.
Thanks for notification
Yes, it again works from local file.. I thought that was your message for, isn't?
@Bluscream It should work right away when green, at least for my basic test. Maybe something else is blocking the url.
@cag014 Didn't even test local, I saw the online version in the screenshot and tried that. But yes indeed actually, it does work now.
Closing this based on seemingly fixed behaviour in 75.0.
OK. thanks for your support
It still does not work, same version
@Bluscream Open the console (F12), refresh the page and copy the logs.
You mean this?
GEThttp://spenibus.net/cors-everywhere-test.html
[HTTP/1.1 200 OK 50ms]
GEThttp://spenibus.net/style.css
[HTTP/1.1 200 OK 29ms]
GEThttp://spenibus.net/favicon.ico
[HTTP/1.1 200 OK 26ms]
Unknown property ‘-moz-border-radius’. Declaration dropped. cors-everywhere-test.html:22:24
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://google.com/. (Reason: CORS request did not succeed).
Requesting https://www.google.com/s2/favicons?domain=github.com Add Favicons to links.user.js:33:25
Requesting https://www.google.com/s2/favicons?domain=gitlab.com Add Favicons to links.user.js:33:25
GEThttps://github.com/DEMENT0R/steam_activation_button/raw/master/key.png
[HTTP/1.1 302 Found 25ms]
GEThttps://github.com/DEMENT0R/steam_activation_button/raw/master/list.png
[HTTP/1.1 302 Found 32ms]
GEThttps://www.google.com/s2/favicons?domain=github.com
[HTTP/2 200 OK 20ms]
GEThttps://www.google.com/s2/favicons?domain=gitlab.com
[HTTP/2 200 OK 19ms]
GEThttps://raw.githubusercontent.com/DEMENT0R/steam_activation_button/master/key.png
[HTTP/1.1 200 OK 171ms]
GEThttps://raw.githubusercontent.com/DEMENT0R/steam_activation_button/master/list.png
[HTTP/1.1 200 OK 171ms]
waiting for xmlHttpRequest readyState: 4
status: 0
Error should be:
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at http://google.com/. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
Can you access http://google.com normally ?
I've updated the test page, you can try other urls.