
403 Error With Anki Connection

Open yuki-tsubaki opened this issue 3 years ago • 8 comments

Description: Yomichan is giving a 403 error when connecting to Anki on Firefox, but not Chromium with the same settings.

Browser version: 85.0.1 (64-bit)

Yomichan version: Yomichan 21.4.30.1

The details that Yomichan gives for the 403 error are thus:

{
    "action": "version",
    "status": 403
}

_invoke@moz-extension://a0b8caf4-ca7a-4434-a2b9-29c023a17d40/js/comm/anki.js:188:27

As I briefly mentioned earlier, Anki connect is running fine and there is no error when I run it on Chromium with the same settings (exported and imported).

I am also on Ubuntu and have checked my system update log, and I have not updated any system programs since it was last working. I have, however, had an update for AnkiConnect somewhat recently, but I believe that it was still working after that as well.

yuki-tsubaki, May 11 '21 13:05

  • Can you export your Yomichan settings file and share it here?
  • Can you also check your addon settings for AnkiConnect and share them here?
  • Can you access http://127.0.0.1:8765/ in your browser?

There's an old thread here #327 which we did some diagnostics in, you could try running the script listed https://github.com/FooSoft/yomichan/issues/327#issuecomment-576368773 from Yomichan's settings page, see what it outputs.

toasted-nutbread, May 11 '21 21:05

Here is the settings file (shared between Chrome and Firefox extension): yomichan-settings-2021-05-12-03-24-03.txt

AnkiConnect settings are default (no API key and such):

{
    "apiKey": null,
    "apiLogPath": null,
    "ignoreOriginList": [],
    "webBindAddress": "127.0.0.1",
    "webBindPort": 8765,
    "webCorsOrigin": "http://localhost",
    "webCorsOriginList": [
        "http://localhost"
    ]
}

My hosts file also has localhost mapped to 127.0.0.1

Yes, I can visit the page in either browser (because the Chrome extension is still working, I don't think that AnkiConnect is majorly broken)

When I ran the API request script from the comment from thread #327 it failed out for each request with this response header and no contents:

HTTP/1.1 403 Forbidden
Access-Control-Allow-Origin: http://localhost
Access-Control-Allow-Headers: *

Here is the request header:

POST / HTTP/1.1
Host: 127.0.0.1:8765
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:85.0) Gecko/20100101 Firefox/85.0
Accept: */*
Accept-Language: en-US,en;q=0.7,ja;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/json
Content-Length: 32
Origin: null
DNT: 1
Connection: keep-alive

I don't know much about HTTP requests, but the fact that AnkiConnect seems to want an origin of localhost where this has an origin field listed as null looks suspicious to me.

When I run the same code in the dev console in Chrome, the response is as expected with the version number, an array of my decks, and an array of my card types.

yuki-tsubaki, May 12 '21 03:05

There have been recent security-related changes to tighten things down in AnkiConnect which may be the culprit. The bizarre thing here is the difference in behavior between Firefox and Chrome.

FooSoft, May 12 '21 15:05

I forget the exact way AnkiConnect handles this, but you could try adding "null" to the "webCorsOriginList" array in your AnkiConnect settings, see if that fixes it. Not sure why the Origin would be null though, maybe you have a browser setting or extension somewhere that is affecting it? I tested on Firefox Dev 89 and the Origin was filled properly.

toasted-nutbread, May 12 '21 21:05

Just tested Firefox 88.0 with latest version of AnkiConnect... did not see any issues.

FooSoft, May 13 '21 03:05

I can confirm that adding null to the webCorsOriginList list in AnkiConnect's configuration file does allow it to work with Firefox 85. From a security standpoint this seems a little sketchy, but probably not a big deal (assuming that AnkiConnect is relatively restricted in terms of system access).

yuki-tsubaki, May 13 '21 05:05
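
An added example, not part of the thread and not AnkiConnect's own code: a simplified exact-match model of the origin allowlist, run against the settings quoted above, showing what the "null" workaround admits. The names status_for, audit and with_origin are hypothetical, and both the matching rule and the role of apiKey as a second gate are assumptions.

```python
import json

# Constructed sample: the AnkiConnect settings quoted in the thread.
THREAD_CONFIG = json.loads("""
{
    "apiKey": null,
    "webBindAddress": "127.0.0.1",
    "webBindPort": 8765,
    "webCorsOriginList": ["http://localhost"]
}
""")


def status_for(config, origin):
    """Assumed exact-match allowlist: 200 if the Origin header value is
    listed, else 403. Not AnkiConnect's actual matching code."""
    return 200 if origin in config.get("webCorsOriginList", []) else 403


def audit(config):
    """Return findings for allowlist entries that do not identify one caller."""
    findings = []
    if "null" in config.get("webCorsOriginList", []):
        msg = ('"null" is listed: every opaque origin serializes to '
               '"null", so the entry does not single out one extension')
        if not config.get("apiKey"):
            # Assumption: a configured apiKey would be a second requirement.
            msg += "; apiKey is unset, so the Origin check is the only gate"
        findings.append(msg)
    return findings


def with_origin(config, origin):
    """Copy of config with one more allowlisted origin (input is untouched)."""
    new = dict(config)
    new["webCorsOriginList"] = list(config["webCorsOriginList"]) + [origin]
    return new


if __name__ == "__main__":
    workaround = with_origin(THREAD_CONFIG, "null")
    for name, cfg in (("default", THREAD_CONFIG), ("workaround", workaround)):
        # "https://site.invalid" is a constructed, unlisted origin.
        for origin in ("http://localhost", "null", "https://site.invalid"):
            print(name, repr(origin), status_for(cfg, origin))
        for finding in audit(cfg):
            print(name, "finding:", finding)
```
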

Do you have any other browser extensions installed?

toasted-nutbread, May 13 '21 22:05

Yes I do.

  • Auto Tab Discard
  • Bitwarden
  • Clipboard Inserter
  • Enhancer for YouTube™
  • LeechBlock NG
  • MarkDownload
  • New Tab Override
  • Tridactyl
  • uBlock Origin
  • Zotero Connector

The origin problem may just be the version I am using (these kinds of problems are why I am thinking of switching to an Arch-based distro on my next computer).

I have Firenvim installed as well, but it is currently disabled.

yuki-tsubaki, May 14 '21 17:05