Skip to content

remove unnecessary CORS logic and corsOrigin docs + site config prop usage

Administrator requested to merge corsorigin-docs into master

Created by: sqs

  • Remove usage and documentation of corsOrigin for the browser extension.

    In https://github.com/sourcegraph/sourcegraph/issues/2182#issuecomment-471554710, @lguychard confirmed that the corsOrigin site config property is only required when using the native Phabricator extension, not when using the Sourcegraph browser extension. I (@sqs) confirmed that it is not required when using the Sourcegraph browser extension.

  • Move corsOrigin documentation to the Phabricator native extension documentation (which is the only place it's needed).

  • Remove special-case allowance for the prod and dev Chrome extension IDs (chrome-extension://ID...) to bypass CORS. This initially was useful when the Chrome extension needed to make "simple" (in CORS terminology) requests to abide by the GitHub CSP. Now that Chrome (and FF) make requests in the background page, the CSP no longer limits us, so this workaround is no longer necessary (and is not even in effect). Removing them reduces complexity and Chrome-specific impl code.

Test plan:

(Because this change affects browser extension and server communication, which isn't well covered by e2e tests, I wanted to manually test it.)

  1. On my dev instance (http://localhost:3080), remove corsOrigin from site config.
  2. Ensure the repository http://localhost:3080/github.com/sourcegraph/go-diff is enabled and the sourcegraph/go extension is enabled.
  3. Run cd client/browser && yarn run dev.
  4. For both Chrome and Firefox:
    1. Disable the prod version of the browser extension.
    2. Load the dev version of the browser extension.
    3. For both https://sourcegraph.com and http://localhost:3080:
      1. Set the URL in the browser extension options page. Ensure it turns green and says "Connected".
      2. For both https://github.com/sourcegraph/go-diff/blob/master/diff/parse.go (GitHub) and https://gitlab.com/sourcegraph/ctxvfs/blob/master/namespace.go (GitLab):
        1. Navigate to the URL.
        2. Ensure the "View file" buttons appear.
        3. Ensure hovers on NewMultiFileDiffReader work.

Merge request reports

Loading