-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
@pixiebrix/get
reports CORS errors and failed requests as "missing permissions"
#3037
Comments
From a PixieBrix security model, the extension should declare the network calls it can make. Related: see #3054. As you point out, some GET requests don't technically require Chrome Extension permissions based on the CORS settings on the remote server. However, we don't want to rely on this nuance - messaging should be based on the permissions the user has granted Long-term, we will want to have the check against the extensions declared
Good point that we can't distinguish this. Could we potentially use https://developer.mozilla.org/en-US/docs/Web/API/NetworkInformation/type? Or, in the enrich method we could ping https://app.pixiebrix.com to detect network connectivity? Related |
There's
Yes if for this check we use fetch directly, or else we'll end up in a loop |
A connectivity check was implemented. In the commit above I moved the check higher since being offline is the first thing the user should fix 🙂 It will be merged through #3073 |
This issue probably doesn't have a solution because it's a browser limitation.
Repro
https://ghosttext.fregante.com/
You will see that this request succeeds without permissions.
?a=1
to the URL to skip the cacheYou will see
ClientNetworkPermissionError: Insufficient browser permissions to make request.
due to this logic:pixiebrix-extension/src/services/requestErrorUtils.ts
Lines 142 to 151 in 4cf13fc
But the logic is actually incorrect:
https://www.google.com
See CORS error in the background page:
👆 this only happens if you're missing the
www.google.com
permissions, so theClientNetworkPermissionError
shown to the user is actually correct here.Possible resolutions
I don’t think this is actually feasible other than checking for
navigator.onLine
, but I don’t think it immediately turnsfalse
when a single request fails.Almost related
The text was updated successfully, but these errors were encountered: