Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential solution for communicating with AMO #126

Closed
stevennyman opened this issue Mar 24, 2019 · 7 comments
Closed

Potential solution for communicating with AMO #126

stevennyman opened this issue Mar 24, 2019 · 7 comments

Comments

@stevennyman
Copy link

stevennyman commented Mar 24, 2019
edited
Loading

One potential solution for the CORS problem (#113, #107, #117, #122, etc.) might be to inject a content script onto any AMO page running in an invisible iframe with a specific URL such as https://addons.mozilla.org/en-US/firefox/null/ with "run_at": "document_start" and "all_frames": true. Then, fetch requests would be run from that page, and their results would be returned by monitoring the webRequest API for responses. (An example of the webrequest API can be found at https://github.com/mdn/webextensions-examples/tree/master/http-response.) Otherwise, response objects could be transferred via content script to background script communication methods such as messaging. Code can be injected to run as if it was on the page by including the following in the content script:

const script = document.createElement('script');
script.textContent = `[JavaScript to inject]`;
document.documentElement.appendChild(script);
script.remove();

(partially borrowed from https://stackoverflow.com/questions/55270830/intercepted-xhr-run-function-before-raising-load)

This should theoretically fix te extension without anyone having to invest in hosting servers and the like.

I'm not sure if I will have the time to implement something like this, so @Noitidart or someone else might want to look into it.
@stoically
Copy link

Firefox doesn't allow content scripts on restricted domains (such as AMO), so this won't work.

@Noitidart
Copy link
Owner

Thanks for brainstorming this! I missed this!

@Noitidart
Copy link
Owner

Noitidart commented May 17, 2019
edited
Loading

The solution by @stoically here seems the way to go - #122 (comment) - if I get some time I'll prototype this out.

@Noitidart
Copy link
Owner

@stoically is there an issue with the domain fronter and having cookies?

@stoically
Copy link

@Noitidart Not sure, never used domain fronting myself, but looking at the CRXViewer code it seems that only specific request headers are modified, which should leave cookie headers intact.

@stevennyman
Copy link
Author

I'm glad to see this extension gaining forward momentum again! :)

@Noitidart
Copy link
Owner

Noitidart commented May 21, 2019 via email

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@Noitidart @stoically @stevennyman