Invalid cors request about yaade HOT 6 CLOSED

works for me.
Example:
Request:

curl "http://127.0.0.1:8092/_matrix/client/r0/keys/upload" ^ -H "Accept: */*" ^ -H "Accept-Language: en-US,en;q=0.9" ^ -H "Cache-Control: no-cache" ^ -H "Connection: keep-alive" ^ -H "Content-Type: text/plain;charset=UTF-8" ^ -H "Origin: chrome-extension://mddoackclclnbkmofficmmepfnadolfa" ^ -H "Pragma: no-cache" ^ -H "Sec-Fetch-Dest: empty" ^ -H "Sec-Fetch-Mode: cors" ^ -H "Sec-Fetch-Site: none" ^ -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36" ^ --data-raw ^"^{^ ... ^}^" ^ --compressed

Response:

HTTP/1.1 200 OK Content-Type: application/json Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Origin: * Date: Wed, 21 Jun 2023 20:23:34 GMT content-length: 43
Maybe your server is not returning:

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
So I do not think that this is a yaade issue, but an issue with your server application.

FYI: To debug the network communication between yaade and your application, assuming you are using the yaade extension in chrome as proxy:

Open chrome devtools (F12)
Application > Service Workers > See all registrations
Click inspect button.
This opens a new devtools window (for the extension)

The requests to your server are found in the network tab.

-- Ron

from yaade.

works for me. Example: Request:

curl "http://127.0.0.1:8092/_matrix/client/r0/keys/upload" ^ -H "Accept: */*" ^ -H "Accept-Language: en-US,en;q=0.9" ^ -H "Cache-Control: no-cache" ^ -H "Connection: keep-alive" ^ -H "Content-Type: text/plain;charset=UTF-8" ^ -H "Origin: chrome-extension://mddoackclclnbkmofficmmepfnadolfa" ^ -H "Pragma: no-cache" ^ -H "Sec-Fetch-Dest: empty" ^ -H "Sec-Fetch-Mode: cors" ^ -H "Sec-Fetch-Site: none" ^ -H "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/112.0.0.0 Safari/537.36" ^ --data-raw ^"^{^ ... ^}^" ^ --compressed

Response:

HTTP/1.1 200 OK Content-Type: application/json Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS Access-Control-Allow-Origin: * Date: Wed, 21 Jun 2023 20:23:34 GMT content-length: 43 Maybe your server is not returning:

Access-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Authorization, Cookie Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS So I do not think that this is a yaade issue, but an issue with your server application.

FYI: To debug the network communication between yaade and your application, assuming you are using the yaade extension in chrome as proxy:

Open chrome devtools (F12) Application > Service Workers > See all registrations Click inspect button. This opens a new devtools window (for the extension)

The requests to your server are found in the network tab.

-- Ron

However it works when I allow from all origin using "*". The problem is when I allow only the host name of the yaade server where it is running. On the server cors is enabled for all origin. Attached the screenshots here.

from yaade.

hello,

check the request sent by yaade. it sets

Origin: chrome-extension://mddoackclclnbkmofficmmepfnadolfa

this is not the server where yaade is running., but the extension in the browser.
note that localhost on the yaade server would be the yaade server, not the pc where your browser is running.

so, try whitelisting chrome-extension://mddoackclclnbkmofficmmepfnadolfa in your application.

-- Ron

from yaade.

PS:
you may also try allowing private network access.

https://www.innoq.com/en/blog/cors-private-network-access/
https://stackoverflow.com/questions/76036487/spring-cors-filter-for-access-control-allow-private-network-not-working

from yaade.

PS:
some browsers/servers differenciate between localhost and 127.0.0.1.
so maybe try the latter.

from yaade.

Close due to inactivity.

from yaade.