Skip to content

fix: allow authorization header from browser extension

Warren Gifford requested to merge allow-authorization-header into master

Created by: ijsnow

Allow Authorization to be sent as an http header from allowed origins.

The browser extension code switched to using access tokens because we thought Chrome stopped sending the bundle ID as the request origin which broke some things. It turns out that Chrome seemingly randomly decides to send the bundle ID as the request origin instead of the page's origin. When the origin is the browser extension's bundle ID, we would get rejected by preflight header checks.

Closes https://github.com/sourcegraph/sourcegraph/issues/969.

Merge request reports

Loading