Commit Graph

14 Commits

Author SHA1 Message Date
Raphael-Joel Lim
a5aecfceee
Explicitly allow requests from public websites via new header (#302)
- Chrome now enforces that servers on private networks explicitly
  grant access to public websites using a new header
  "Access-Control-Allow-Private-Network" that should be sent in
  responses to preflight OPTIONS requests.
- This change implements special handling for OPTIONS requests by
  sending all the existing CORS headers along with the new
  Access-Control-Allow-Private-Network header if private network
  access is being requested.
- See https://developer.chrome.com/blog/private-network-access-preflight/
  for more info.
2022-02-18 23:08:44 -08:00
Jone Wang
7136a15ade
Allow safari-web-extension to access Anki Connect. (#297)
* Allow safari-web-extension to access Anki Connect.

* Fix typo.
2022-01-08 20:01:00 -08:00
Ren Tatsumoto
418ebcb0de
Fix updateModelTemplates and updateModelStyling functionality on Anki 2.1.45 and later (#296)
* fix update functionality on anki 2.1.45+

* delete trailing semicolon in the statement
2021-12-26 22:21:21 -08:00
DegrangeM
9fec86f7fe
Add requestPermission API method (#255)
* Add requestPermission Api Method

* Add documentation about requestPermission method

* Update version documentation
2021-05-07 20:33:06 -07:00
DegrangeM
9472ac4401
Fix vulnerability (#252)
* Improve and simplify code handling CORS

* Don't execute request when origin not allowed

Fix vulnerability

* Remove webCorsOrigin legacy option

It's confusing (and potentially insecure as removing webCorsOrigin in configuration would still set it to localhost)

* Allow 127.0.0.1 and browser extension if localhost allowed
2021-05-05 22:31:11 -07:00
Alexander Ryzhikov
8b81267b0c
Add Access-Control-Allow-Headers * (#231) 2021-02-21 11:24:08 -08:00
431ee362fc Initial cleanup pass 2021-01-17 22:13:27 -08:00
kanjieater
5386364c8d
Server no longer hangs on client disconnects (#217)
* Server no longer hangs on client disconnects

* Changed timeout and am now catching errors explicitly

Co-authored-by: KanjiEater <kanjieat3r@gmail.com>
2020-12-28 13:57:22 -08:00
yekingyan
e0e0e57321 Add support for using '*' to allow CORS for all domains 2020-04-12 15:52:52 +08:00
Yannick Mau
002b7cbf97 Deprecate field 'webCorsOrigin' but keep temporary support for it. 2020-02-28 01:17:53 +01:00
Yannick Mau
413b27a21e Add support for multiple cors origins 2020-02-17 17:44:58 +01:00
7603f2b251 Fix error viewing AnkiConnect page 2020-01-05 17:49:41 -08:00
2767d2928e Add link script, fix plugin 2020-01-05 17:41:34 -08:00
173e43700b Cleanup 2020-01-05 15:42:08 -08:00