Custom protocols and defining their origin

[stefansundin]

Hello there,

I am developing a chrome extension that talks to my website. The extension's origin is

chrome-extension://bjpcphhoenjjadogjjcelgjnnfgamiog

so I naturally defined

origins "chrome-extension://bjpcphhoenjjadogjjcelgjnnfgamiog"

in Rack::Cors' configuration.

But it didn't work. I got a 404 on the OPTIONS request. Weird, I though.

After some digging, I found this piece of code:

rack-cors/lib/rack/cors.rb

Line 256 in 42ebe6c

else Regexp.compile("^[a-z][a-z0-9.+-]*:\\\/\\\/#{Regexp.quote(n)}$")

            case n
            when Regexp,
                 /^https?:\/\//,
                 'file://'        then n
            when '*'              then @public_resources = true; n
            else                  Regexp.compile("^[a-z][a-z0-9.+-]*:\\\/\\\/#{Regexp.quote(n)}$")
            end

So unless your protocol is http, https, or file, you are not expected to specify the protocol? I tested it and using origins "bjpcphhoenjjadogjjcelgjnnfgamiog" worked.

What is the reason to even have that else clause? To me it would make sense to change that code to:

            @public_resources = true if n == '*'
            n

I guess I'm mostly confused of the origin of that code? It doesn't seem necessary, isn't explained in the docs as far as I could see, and it prevents you from using arbitrary protocols as strings.

Thanks!

[cyu]

The most common usage of this middleware would be for normal HTTP and HTTPS usage, so configuration is optimized for that. The origin intent is to allow example.net to support both protocols (and not require them to be specified individually).

While I don't really have a strong preference for this style anymore, I'm inclined to leave it as it doesn't break backwards compatibility and your use case is still supported (as a regex).

[rafamanzo]

I'm sorry to bring this up again after two years, but I have lost many hours on a similar problem, but now involving Ionic.

On iOS the Origin header is set to ionic://localhost (https://ionicframework.com/docs/faq/cors#ionic-webview-3-x-plugin-on-cordova).

Thus using origins 'ionic://localhost' led to errors when testing the app on iOS devices.

And I can confirm that origins 'localhost' works.

Is it worth to mention this behaviour for protocols different than http, https or file?

[aguynamedben]

I'm developing a Chrome extension and this also sent me on a 3-hour spree until I found this ticket. Thanks for the workaround @stefansundin.

Documented + PR: #219

[cyu]

After reviewing @aguynamedben documentation PR, I realize I wasn't looking at this issue correctly so I'm re-opening this issue.

[cyu]

This issue should be fixed with [#225], which is in 2.0.0.rc1