Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Still getting CORS errors #50

Closed
bibhas2 opened this issue May 10, 2021 · 8 comments
Closed

Still getting CORS errors #50

bibhas2 opened this issue May 10, 2021 · 8 comments

Comments

@bibhas2
Copy link

bibhas2 commented May 10, 2021

I have installed the extension in Chrome. It's not clear exactly how to use this. This is what I have done:

I have added my local server to the list.

image

I have added the local server to the active origins.

image

I am still getting CORS error when I send a request to localhost:8080.
@liyasthomas
Copy link
Member

Can you make sure that you've turned on "Extension mode" from Hoppscotch > Settings > Extensions section "Use browser extension to send requests".

Let me know if it solves your issue.

@AndrewBastin
Copy link
Member

Is http://localhost:8080/ the server you are trying to connect to or a locally hosted Hoppscotch instance ?

The "Active Origins" list is for the extension to decide which all pages to hook to. The extension hooks some extra functions into the JS context of the pages defined in the list.

@bibhas2
Copy link
Author

bibhas2 commented May 10, 2021

Can you make sure that you've turned on "Extension mode" from Hoppscotch > Settings > Extensions section "Use browser extension to send requests".

This was enabled by default already.

@bibhas2
Copy link
Author

bibhas2 commented May 10, 2021

Is http://localhost:8080/ the server you are trying to connect to

Yes, that is a locally running web server.

@bibhas2
Copy link
Author

bibhas2 commented May 10, 2021

I managed to get things working by giving site access for all sites. I don't know what that means. But it does not appear a very secure thing to do. I am running into significant mental friction with this tool. I have used Postman and other tools including something I had developed. May be better documentation will help. It's very common for developers to be able to test non-CORS enabled services.

image

@liyasthomas
Copy link
Member

We're making a documentation site for Hoppscotch. It'll be released soon. Glad it got sorted out at you end.

@AndrewBastin
Copy link
Member

@bibhas2

Yes, there is a lack of documentation right now, sorry about that.

But, just for your information, the "Site access" setting on Chrome is for which all pages the extension has access to, not the pages which the extension can send the request to (basically, the extension hooks add extra CORS-overriden request functions to the origins defined in the Active Origins list of the extension). So your Hoppscotch instance origin should be in the Site Access list and the Active Origins list in the extension popup.

We take security concerns really seriously and have taken precautions (which resulted in the Active Origins list in the first place) to make sure the extension is not exploited.

@jk2K
Copy link

jk2K commented Aug 24, 2021

Not work for Realtime: SSE

@MalteJac MalteJac mentioned this issue Jul 29, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@bibhas2 @jk2K @AndrewBastin @liyasthomas