User configured extensions do not work on private code host if using public Sourcegraph instance #1945
Labels
browser-extension
bug
An error, flaw or fault that produces an incorrect or unexpected result, or behavior.
extensions
Sourcegraph extensions
Discovered this while screensharing with Bas from Codecov.
Steps to reproduce:
docker run -p 8000:80 gitlab/gitlab-ce
)A further look will reveal that only default extensions IDs are returned, as if you were in a logged out state:
This is normal: through the corsOrigin setting, sourcegraph.com is set up to only accept requests from github.com, bitbucket.org and gitlab.com, and while the browser extension uses access tokens to bypass cors, it doesn't do it for sourcegraph.com.
While expected, this defeats the goal of being able to use extensions on private code even without a private Sourcegraph instance (in the way Codecov currently works on private Github repositories, for instance).
This limitation could potentially be overcome by making all requests from the background page of the extension.
The text was updated successfully, but these errors were encountered: