fix: allow authorization header from browser extension (!984) · Merge requests · Administrator / sourcegraph

Administrator requested to merge allow-authorization-header into master Nov 13, 2018

Created by: ijsnow

Allow Authorization to be sent as an http header from allowed origins.

The browser extension code switched to using access tokens because we thought Chrome stopped sending the bundle ID as the request origin which broke some things. It turns out that Chrome seemingly randomly decides to send the bundle ID as the request origin instead of the page's origin. When the origin is the browser extension's bundle ID, we would get rejected by preflight header checks.

Closes https://github.com/sourcegraph/sourcegraph/issues/969.

fix: allow authorization header from browser extension

Merge request reports