EU-Vietnam Business Network (EVBN) > Noindex > the network request in Safari web … | Apple Developer Forums

the network request in Safari web … | Apple Developer Forums

Essentially, I’m making a request to an API from my extension to login. That login request generates a uuid and sends it via

Set-Cookie

on the response. Then when I do subsequent requests, the cookie is attached to the request on Chrome, Edge, and Firefox, but not on Safari.

withCredentials

doesn’t work, since I’m assuming Safari is treating this like a full blown CORS request where you need

Access-Control-Allow-Credentials

and a

It would be much simpler if Safari just did what other browsers did, and if your extension has the origin whitelisted with permission in the manifest (or by programatic permission w/ optional_permissions), the browser ignores CORS completely and treats it like a same origin request.

Otherwise, if you haven’t whitelisted the origin in the extension permissions the functionality is fine in all browsers – it’s treated like a normal CORS request.

It’s weird because in Safari when I add the origin to the manifest, I can make the request cross-origin fine, but I bump into this credentials/cookie CORS issue. It’s like CORS: Bamboozled Edition. 😆

Thanks for all the work on the web extensions in Safari 14!

I’m also trying to convert my extension and bumped into this. Real funky.Essentially, I’m making a request to an API from my extension to login. That login request generates a uuid and sends it viaon the response. Then when I do subsequent requests, the cookie is attached to the request on Chrome, Edge, and Firefox, but not on Safari.doesn’t work, since I’m assuming Safari is treating this like a full blown CORS request where you needand a specific origin . Which would require significant work with a breaking change on the backend, and would need to detect the safari web extension origin and send it back allowed in the CORS header.It would be much simpler if Safari just did what other browsers did, and if your extension has the origin whitelisted with permission in the manifest (or by programatic permission w/ optional_permissions), the browser ignores CORS completely and treats it like a same origin request.Otherwise, if you haven’t whitelisted the origin in the extension permissions the functionality is fine in all browsers – it’s treated like a normal CORS request.It’s weird because in Safari when I add the origin to the manifest, I can make the request cross-origin fine, but I bump into this credentials/cookie CORS issue. It’s like CORS: Bamboozled Edition. 😆Thanks for all the work on the web extensions in Safari 14!

Bài viết liên quan
Bài viết mới
Thể Thao nổi bật