endpoints: make cors allow all moz-extensions

ActivityWatch · Aug 18, 2019 · 327efb4 · 327efb4
1 parent 4ba4463
commit 327efb4
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/src/endpoints/cors.rs b/src/endpoints/cors.rs
@@ -13,12 +13,12 @@ pub fn cors(config: &AWConfig) -> rocket_cors::Cors {
         allowed_exact_origins.push("http://127.0.0.1:27180".to_string());
     }
     let mut allowed_regex_origins = vec![
-        "moz-extension://6b1794a0-5ae6-4443-aef9-7755717bb180".to_string(),
-        "moz-extension://02507908-8928-4ec3-86f5-2ae5dddf4c47".to_string(),  // The ID I got on Firefox for Android
         "chrome-extension://nglaklhklhcoonedhgnpgddginnjdadi".to_string(),
+        // Every version of a mozilla extension has its own ID to avoid fingerprinting, so we
+        // unfortunately have to allow all extensions to have access to aw-server
+        "moz-extension://.*".to_string()
     ];
     if config.testing {
-        allowed_regex_origins.push("moz-extension://.*".to_string());
         allowed_regex_origins.push("chrome-extension://.*".to_string());
     }