Nw.js: How to make CORS request if the "origin" is "chrome://extension"?
In nwjs, how did you make CORS request? The issue is that, when making http request with xmlhttprequest, from the devtool of nwjs, I see the request header as below:
Origin:chrome-extension://mhfmojjfekkpkakpnhchfafkdbloaekl
In this case, how can we allow this in server side (except allow all with "Access-Control-Allow-Origin: *" which is not safe for server side)??? Also, nwjs does not allow me to change value of "origin", is it necessary to disallow it?
request.setRequestHeader("Origin", "xxx"); // Error: Refused to set unsafe header "Origin"
I found #1734 but did not figure out how it was fixed. I've also tried ""chromium-args": "--disable-web-security"", but still same...
Please share your idea how you handle this in your nwjs application. Thanks very much.
By the way, how is the "extension id" (chrome-extension://mhfmojjfekkpkakpnhchfafkdbloaekl) generated by nwjs? random value?
gengshenghong
All 3 comments
You can control the random id which is the domain in chrome-extension protocol by specifying domain in your package.json
RohitSharma27
on 9 Aug 2016
Thank you for your comments, exactly explains my concerns. My bad, I did not see that option in the document! If the random id can be controlled, server side may use that to define who is allowed at least...
gengshenghong
on 10 Aug 2016
in case anyone else comes across this. here are the current docs describing the manifest settings needed:
the-vampiire
on 11 Jul 2018
Related issues
loretoparisi
路
3Comments
daverave1212
路
3Comments
imyzf
路
4Comments
ValentineStone
路
4Comments
sorty-zz
路
4Comments
Most helpful comment
You can control the random id which is the domain in chrome-extension protocol by specifying domain in your package.json