Error: Network Error. Check console for details

[HappinerWinnie]

Describe the bug

To Reproduce
Steps to reproduce the behavior:

1. Open Postwoman
2. Click on Send
3. Scroll down to console
4. See error

Expected behavior
response OK

Screenshots

Desktop (please complete the following information):

• OS: Win10
• Browser chrome, safari
• Version 79.0.3945.117

[liyasthomas]

If your endpoint is in localhost, please install official browser extensions to support localhost endpoints and fix CORS errors.

Official extensions

• Firefox
• Chrome

[HappinerWinnie]

It's the same effect if I use ip

[liyasthomas]

Are you sure the requested endpoint have CROS disabled?

[Slaviusz]

Can we reopen this? I have the same issue, with/without the extension. I cannot open any connection to localhost.

[liyasthomas]

@AndrewBastin

[Slaviusz]

Thanks.
Basically, my symptoms are exactly the same. Trying to call rest API endpoint on localhost results in :

Access to XMLHttpRequest at 'http://127.0.0.1:9000/api/auth/login' from origin 'http://localhost:3000' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

I tried installing the extension and also including the URL into unsafely-treat-insecure-origin-as-secure origins to no avail.

Thanks for help.

[liyasthomas]

Please check these hotfixes:

1. Check you've installed the latest version of browser extension. Kindly go through the extension's link (in readme) and verify the installed version number.
2. Check Postwoman is allowed to use extensions. Navigate to Settings > Extensions section on web app. Make sure "Use extension" toggle switch is turned on.
3. Check endpoints don't have CROS restrictions.

[Slaviusz]

1. compiled Postwoman 30 minutes ago from latest git commit. Installed the extension 15 minutes ago from official link provided within Postwoman. The version reported is 0.5. I also tried manual update in browser's extensions config page.
2. Extension is allowed, active and configured with access to URLs and in Incognito.
3. CORS is NOT enabled on this app (I'm the developer)

However when I explicitly enabled CORS with Access-Control-Allow-Origin: * everything works now. Is it now enforced that the host MUST enable CORS otherwise the behavior is equal to invalid origin?
Honestly I don't remember such behavior and it is enforced at the application level. When I do plain cURL request everything works just fine. Is maybe one of your dependency packages enforcing this?

[liyasthomas]

If that's the case, we'll have to look further into it. Huge thanks for debugging and reporting the issue.

[Slaviusz]

You're welcome. Thanks for having a look.

[AndrewBastin]

Hi there,

Sorry for the late response, I am really swamped with personal stuff and end of the semester university work.

Due to security concerns of allowing open access to the extension hooks, the Postwoman Extension only hooks into the following domains

http(s)://postwoman.io/
http(s)://postwoman.netlify.com/

What that implies is that, you aren't allowed to access the extension if you are not in the above domains, so your locally hosted Postwoman builds can't access the official browser extension.

If you are using localhost, you will need to make your own build of the extension (more info on that here) with the permissions activated for your localhost page in the manifest.

I would love to make the extension an open system but this is implemented to prevent unauthorized bypassing of CORS by malicious sites that are not Postwoman.

Feel free to ask questions regarding this though, but I am closing this issue as this is an intended safeguard.

Thanks for using Postwoman ❤️

[liuxueyiTest]

3. Check endpoints don't have CROS restrictions

how to do ?

[liyasthomas]

3. Check endpoints don't have CROS restrictions

how to do ?

CORS is a security mechanism imposed on API endpoints. Its easily discoverable from the developers side. You can simply try hitting the endpoint from Hoppscotch.io and if there's no issue, and you got Okay 200 response, then it doesn't have CORS. If API response got any error, check console logs to know whether it's due to CORS restrictions. You can fix CORS issues with Hoppscotch Extension.

[liuxueyiTest]

&nbsp;thank you very much. Could&nbsp;you tell me how to turn off the cros ？I am is tester。&nbsp;I would appreciate it if you could give me some advice at your convenience. &nbsp; ------------------&nbsp;Original&nbsp;------------------ From: &nbsp;"Liyas Thomas"<notifications@github.com&gt;; Date: &nbsp;Fri, Dec 4, 2020 06:36 PM To: &nbsp;"hoppscotch/hoppscotch"<hoppscotch@noreply.github.com&gt;; Cc: &nbsp;"刘学义"<liuxueyi@xsyxsc.com&gt;; "Comment"<comment@noreply.github.com&gt;; Subject: &nbsp;Re: [hoppscotch/hoppscotch] Error: Network Error. Check console for details (#704) &nbsp; Check endpoints don't have CROS restrictions how to do ? CORS is a security mechanism imposed on API endpoints. Its easily discoverable from the developers side. You can simple try hitting the endpoint from Hoppscotch.io and if there's no issue, and you got Okay 200 response, then it doesn't have CORS. If API response got any error, check console to know where it's due to CORS restrictions. You can fix CORS issues with Hoppscotch Extension. — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

[liyasthomas]

https://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome

[liuxueyiTest]

Thank you very much for your help.Hoppscotch is installed to my local computer, which is the same computer as my browser.According to your information, There is something wrong with my Browser extension. &nbsp; &nbsp;

…

------------------ Original ------------------ From: &nbsp;"Liyas Thomas"<notifications@github.com&gt;; Date: &nbsp;Fri, Dec 4, 2020 06:45 PM To: &nbsp;"hoppscotch/hoppscotch"<hoppscotch@noreply.github.com&gt;; Cc: &nbsp;"刘学义"<liuxueyi@xsyxsc.com&gt;; "Comment"<comment@noreply.github.com&gt;; Subject: &nbsp;Re: [hoppscotch/hoppscotch] Error: Network Error. Check console for details (#704) &nbsp; https://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

[liuxueyiTest]

Why can't My self-installed server show Extension Version.&nbsp;Could you please tell me where I am wrong? If you are convenient, please guide me. &nbsp; &nbsp; ------------------&nbsp;Original&nbsp;------------------ From: &nbsp;"刘学义"<liuxueyi@xsyxsc.com&gt;; Date: &nbsp;Fri, Dec 4, 2020 07:21 PM To: &nbsp;"hoppscotch/hoppscotch"<reply@reply.github.com&gt;; Subject: &nbsp;Re: [hoppscotch/hoppscotch] Error: Network Error. Check console for details (#704) &nbsp; Thank you very much for your help.Hoppscotch is installed to my local computer, which is the same computer as my browser.According to your information, There is something wrong with my Browser extension. &nbsp; &nbsp;

…

------------------ Original ------------------ From: &nbsp;"Liyas Thomas"<notifications@github.com&gt;; Date: &nbsp;Fri, Dec 4, 2020 06:45 PM To: &nbsp;"hoppscotch/hoppscotch"<hoppscotch@noreply.github.com&gt;; Cc: &nbsp;"刘学义"<liuxueyi@xsyxsc.com&gt;; "Comment"<comment@noreply.github.com&gt;; Subject: &nbsp;Re: [hoppscotch/hoppscotch] Error: Network Error. Check console for details (#704) &nbsp; https://stackoverflow.com/questions/3102819/disable-same-origin-policy-in-chrome — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

[liuxueyiTest]

如果我访问我本地的自己部署的 hoppscotch 意思我要自己弄个浏览器扩展。