Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

User configured extensions do not work on private code host if using public Sourcegraph instance #1945

Closed
lguychard opened this issue Jan 17, 2019 · 2 comments
Closed

User configured extensions do not work on private code host if using public Sourcegraph instance #1945

lguychard opened this issue Jan 17, 2019 · 2 comments
Labels
browser-extension bug An error, flaw or fault that produces an incorrect or unexpected result, or behavior. extensions Sourcegraph extensions

Comments

@lguychard
Copy link
Contributor

Discovered this while screensharing with Bas from Codecov.

Steps to reproduce:

  • Make sure you're logged in to sourcegraph.com, and your browser extension is pointing to sourcegraph.com
  • Enable codecov extension in your sourcegraph.com account
  • Visit a repo on a private code host (eg gitlab.sgdev.org, ghe.sgdev.org or docker run -p 8000:80 gitlab/gitlab-ce)
  • Witness codecov extension is not activated

A further look will reveal that only default extensions IDs are returned, as if you were in a logged out state:
image

This is normal: through the corsOrigin setting, sourcegraph.com is set up to only accept requests from github.com, bitbucket.org and gitlab.com, and while the browser extension uses access tokens to bypass cors, it doesn't do it for sourcegraph.com.

While expected, this defeats the goal of being able to use extensions on private code even without a private Sourcegraph instance (in the way Codecov currently works on private Github repositories, for instance).

This limitation could potentially be overcome by making all requests from the background page of the extension.
@lguychard lguychard added bug An error, flaw or fault that produces an incorrect or unexpected result, or behavior. extensions Sourcegraph extensions labels Jan 17, 2019
@lguychard
Copy link
Contributor Author

@sqs is this by design or something we want to handle?

@sqs
Copy link
Member

sqs commented Jan 18, 2019

This is something we want to handle.

@lguychard lguychard mentioned this issue Jan 18, 2019
Merged
lguychard added a commit that referenced this issue Jan 18, 2019
@lguychard
In browser extension, make all GraphQL api requests from background page
52624d6 
Fixes #1945

Makes sure all GraphQL API requests are sent from the background page, so as to bypass CORS restrictions when running on private code hosts with the public Sourcegraph instance. This allows us to run extensions on private code hosts without needing a private Sourcegraph instance.
lguychard added a commit that referenced this issue Jan 21, 2019
@lguychard
In browser extension, make all GraphQL api requests from background page
ddf871c 
Fixes #1945

Makes sure all GraphQL API requests are sent from the background page, so as to bypass CORS restrictions when running on private code hosts with the public Sourcegraph instance. This allows us to run extensions on private code hosts without needing a private Sourcegraph instance.
lguychard added a commit that referenced this issue Jan 21, 2019
@lguychard
In browser extension, make all GraphQL api requests from background p…
9eef8a3 
…age (#1954)

Fixes #1945

Makes sure all GraphQL API requests are sent from the background page, so as to bypass CORS restrictions when running on private code hosts with the public Sourcegraph instance. This allows us to run extensions on private code hosts without needing a private Sourcegraph instance.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
browser-extension bug An error, flaw or fault that produces an incorrect or unexpected result, or behavior. extensions Sourcegraph extensions
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sqs @lguychard