Uploaded image for project: 'Nuxeo Platform'
  1. Nuxeo Platform
  2. NXP-24828

Make the CSRF filter work with the Firefox Nuxeo browser extension

    XMLWordPrintable

    Details

      Description

      Since resolution of NXP-24331, hot reload and other functionalities from the dev tools browser extension in Firefox are not available, with the following warnings displayed in server.log:

      [NuxeoCorsCsrfFilter] CSRF check failure: source: moz-extension://b168a0e9-b1e5-4f9c-adef-77cbb980e2be does not match target: http://localhost:8080/ and not allowed by CORS config
      

      Similar problems occur when using the Postman Chrome extension, which allows REST API testing.

      We cannot allow "moz-extension://*" as an origin because * is not a legal hostname.

      We should whitelist moz-extension and chrome-extension schemes in CORS filter to enable these extensions.

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:

                  Time Tracking

                  Estimated:
                  Original Estimate - Not Specified
                  Not Specified
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 2 hours
                  2h

                    PagerDuty

                    Error rendering 'com.pagerduty.jira-server-plugin:PagerDuty'. Please contact your Jira administrators.