No longer works in Firefox Nightly

[da2x]

The IPFS Companion stopped working one–three weeks ago in Firefox Nightly.

It can’t connect to IPFS Desktop anymore. IPFS is listening on the expected ports, however. IPFS Companion still works in Chromium.

I’ve tried reinstalling IPFS Companion and have tested with older versions all the way back to 2.4.0.

Confirmed issue on Firefox Nightly on macOS 10.14 and Windows 10.1809.

[da2x]

OK, the admin interface is returning 403 Forbidden.

The difference between Chrome and Firefox is that Firefox appends a Origin: moz-extension://{extension-installation-id} HTTP request header. If I remove that header from Firefox’s requests, everything starts working again.

[lidel]

Thank you for reporting!

Interesting. This is basically Firefox version of #615 (which we fixed in #616).

In short, Chrome was adding Origin: null to fetch made from webextension background pages and acted as sort of false-positive trigger for CORS validation producing 403 Forbidden.

Seems that Firefox Nightly started setting Origin: moz-extension://{extension-installation-id} (which is better than null) but that produces the same error. Will probably should apply similar fix here.

[da2x]

Heads up: I’d expect this behavior to change in Firefox. The internal UUID they send is unique and persistent per installation. It would allow for user tracking.

Edit: upstream issue.

[da2x]

Correction: it’s been like this for a year according to bugz#1405971. I’m not sure why this issue only started affecting IPFS now.

[lidel]

@da2x shipped a fix in v2.6.1.12130 (Beta), give it a try! :)
We now compare URL.origin in value-agnostic way, so it should work even if Firefox changes the Origin value to something else (eg. if they switch to 'null', like in Chromium)

[da2x]

Works for me.