Do not redirect XHR that would fail due to CORS bug in Firefox

[lidel]

This PR disables gateway redirect for cross-origin XHRs.

• It fixes all the websites broken by CORS false-positive bug in Firefox (samples below).
  • It is a "lesser evil". There will be no gateway redirect for such requests, but at least "IPFS-enabled" websites that do cross-origin requests to different gateways will work.
• I believe we want the same behavior on all browsers, so initial version of this PR conforms to the Firefox limitation in Chrome as well.
  • For: Different handling on different browsers would be a nightmare for a developer, who assumes it "works the same everywhere".
  • Against: We introduce artificial limitation for browsers other than Firefox.
• The full context is in gateway redirect messes up CORS headers on firefox #436 (comment) including a link to the upstream bug.

Samples

Examples of sites broken in v2.3.0 by the bug:

• https://ipfs.github.io/public-gateway-checker/
• http://node2.e-mesh.net/hls/stream.html?gw=https://hardbin.com/ipfs (reported by @darkdrgn2k)
  (open Console to see CORS error)

Open Questions

I'd appreciate some quick feedback, before this gets merged and released:

1. Is it OK to artificially limit Chrome just for sake of uniformity?
2. Should we log a warning to the console on every skipped XHR, or is it too much?

[fahrradflucht]

Since this is a severe limitation on what single page applications on ipfs will be able to do in for example an offline situation I think logging a warning every time this happens is a good idea. I think both firefox and chrome provide ways to silence those logs if the are expected.

[alanshaw]

If we use the isFirefox runtime check and issue a warning (only for Firefox) we wouldn't have to restrict for Chrome (and potentially others). It wouldn't add a great deal of complexity and there's precedent for that sort of thing already in the code base.

In combination with the log line, the altered behaviour in Firefox remains visible and the restriction can be removed easily when the issue is fixed. Meanwhile by leaving in the functionality for Chrome you ensure the code that is doing it continues to work as expected.

[lidel]

@alanshaw I initially did that, but got worried about providing different redirect rules for different vendors, which feels like a bad developer experience.

So your suggestion is to limit this workaround to Firefox only and and be very explicit that it is a temporary workaround for an upstream bug limited to Firefox?

[lidel]

Alright, switched this PR to apply the workaround only when in Firefox runtime.
I feel this makes it very safe to merge and release to beta, as it restores broken functionality for Firefox users and does not change anything for Chrome.

[lidel]

For anyone interested in this fix, it just got shipped to stable channel as v2.3.1