You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It should be possible for users to change the allowed CORS origin that the server will accept
I have been using sideloaded aw-web-watcher extension for my Chromium browser for a long time, and it worked without any issue until I migrated to aw-server-rust.
Proposed solution
Allow user to manually add regexes so that they can allow their own sideloaded extensions to access the server
Why this is necessary for my workflow:
I use a custom sideloaded extension because I am using Vivaldi, an alternative Chromium browser, which the aw-web-watcher seems to have issues with tracking hostnames properly.
Therefore, I decided that sideloading will patched hardcoded values be the simplest fix while I wait for a proper fix, which still seems to be missing as of now
The ability to support other extension ids is crucial for me to keep tracking my Chromium web activities.
Problem
It took me an extended period of time to notice that my Chromium browser is no longer showing up on activity watcher partially because my firefox extension was still logging activities as usual.
Only when I explicitly searched for my chromium activity, that I noticed it is now missing.
So it had been on endless retrying loop forever since I migrated to rust.
Tracking down the error in the extension shows the below, which isn't helpful
{
"error": {
"code": 403,
"reason": "Forbidden",
"description": "The server refused to authorize the request."
}
}
Peeking at the server logs showed this message
[2024-11-14 14:28:29][�[31mERROR�[0m][rocket_cors::fairing::_]: CORS Error: Origin 'chrome-extension://jmdbkmbphoikckgkcnpoojbfeiaoaocl' is not allowed to request
let mut allowed_regex_origins = vec![
"chrome-extension://nglaklhklhcoonedhgnpgddginnjdadi".to_string(),
// Every version of a mozilla extension has its own ID to avoid fingerprinting, so we
// unfortunately have to allow all extensions to have access to aw-server
"moz-extension://.*".to_string(),
];
I did saw this line, which seems to allow any chromium extension when in testing mode but that does not seem like the intentional use case for said flag
if config.testing {
allowed_regex_origins.push("chrome-extension://.*".to_string());
}
The text was updated successfully, but these errors were encountered:
It should be possible for users to change the allowed CORS origin that the server will accept
I have been using sideloaded aw-web-watcher extension for my Chromium browser for a long time, and it worked without any issue until I migrated to aw-server-rust.
Proposed solution
Allow user to manually add regexes so that they can allow their own sideloaded extensions to access the server
Why this is necessary for my workflow:
I use a custom sideloaded extension because I am using Vivaldi, an alternative Chromium browser, which the aw-web-watcher seems to have issues with tracking hostnames properly.
Relevant issue: ActivityWatch/aw-watcher-web#132, ActivityWatch/aw-watcher-web#102
Therefore, I decided that sideloading will patched hardcoded values be the simplest fix while I wait for a proper fix, which still seems to be missing as of now
The ability to support other extension ids is crucial for me to keep tracking my Chromium web activities.
Problem
It took me an extended period of time to notice that my Chromium browser is no longer showing up on activity watcher partially because my firefox extension was still logging activities as usual.
Only when I explicitly searched for my chromium activity, that I noticed it is now missing.
So it had been on endless retrying loop forever since I migrated to rust.
Tracking down the error in the extension shows the below, which isn't helpful
Peeking at the server logs showed this message
Checking the source code revealed this
https://github.com/ActivityWatch/aw-server-rust/blob/master/aw-server/src/endpoints/cors.rs#L16-L21
I did saw this line, which seems to allow any chromium extension when in testing mode but that does not seem like the intentional use case for said flag
The text was updated successfully, but these errors were encountered: