
issue #1594

Open MohamedLebda opened this issue 1 year ago • 2 comments

The browser's Same Origin Policy is blocking a cross-origin request to https://googleads.g.doubleclick.net/. This means that the browser is preventing the web page from accessing resources on a different domain than the one that served the web page.

The missing 'Access-Control-Allow-Origin' header is a CORS (Cross-Origin Resource Sharing) related issue. When a website makes a cross-origin request, the server needs to send this header along with the response to indicate which origins are allowed to access the resource. If this header is missing, the browser will block the request.

This issue could be causing problems with the functionality of the web page, depending on what resources are being requested from the remote domain.

MohamedLebda, Mar 06 '23 00:03
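Added example, not part of the original post or of the ImprovedTube code: a simplified model of the header check described above, following the "CORS check" in the Fetch standard. The function names, result fields and sample headers are constructed for illustration.

```javascript
// Simplified model of the check a browser applies to a cross-origin response.
// Hypothetical helper names; sample inputs below are constructed.

// Header names are case-insensitive, so normalise before lookup.
function getHeader(headers, name) {
  const key = Object.keys(headers).find(
    (k) => k.toLowerCase() === name.toLowerCase()
  );
  return key === undefined ? null : headers[key];
}

function corsCheck(pageOrigin, requestUrl, responseHeaders, withCredentials = false) {
  // Same-origin requests are not subject to the CORS check at all.
  if (new URL(requestUrl).origin === pageOrigin) {
    return { allowed: true, reason: "same-origin" };
  }
  const acao = getHeader(responseHeaders, "Access-Control-Allow-Origin");
  if (acao === null) {
    return { allowed: false, reason: "missing Access-Control-Allow-Origin" };
  }
  // The wildcard is honoured only for requests sent without credentials.
  if (!withCredentials && acao === "*") {
    return { allowed: true, reason: "wildcard" };
  }
  // Otherwise the value must equal the requesting origin exactly.
  if (acao !== pageOrigin) {
    return { allowed: false, reason: "origin mismatch" };
  }
  // Credentialed requests additionally need an explicit opt-in header.
  if (withCredentials &&
      getHeader(responseHeaders, "Access-Control-Allow-Credentials") !== "true") {
    return { allowed: false, reason: "credentials not allowed" };
  }
  return { allowed: true, reason: "origin match" };
}

// Constructed samples: the page origin and ad host named in the issue.
const PAGE = "https://www.youtube.com";
const ADS = "https://googleads.g.doubleclick.net/";
const samples = [
  [{}, false],                                          // header absent
  [{ "access-control-allow-origin": "*" }, false],      // wildcard, no cookies
  [{ "Access-Control-Allow-Origin": "*" }, true],       // wildcard with cookies
  [{ "Access-Control-Allow-Origin": PAGE,
     "Access-Control-Allow-Credentials": "true" }, true],
];
for (const [headers, creds] of samples) {
  console.log(JSON.stringify(headers), creds, corsCheck(PAGE, ADS, headers, creds));
}
```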

Hi @MohamedLebda, assigned you to #1594 quickly (about 4.0.17 from January), even if it is just for you to close it, just in case it adds any detail, since you researched autoplay. In future we can keep store and repo versions more synced.

googleads .... CORS

interesting, seen this once, how'd youtube's code relate to us there?

  • We could probably clean up the DOM a lot #1211 / with XMLHttpRequest ?

  • The permission you are adding, seems to exist in manifest 2 only. https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/manifest.json/permissions#example
    • to make an example about code history:
      We can't know why our old maintainer removed these lines... https://github.com/code-for-charity/ImprovedTube-for-YouTube/blob/bceff46d0e1a8ed18cca81325c52cc2b0aab6a87/manifest.json#L72-L77 ...besides:
      • maybe both permissions were misunderstood? (optional *.youtube was intended for optional use at m.youtube, music.youtube)
        • screenshots work without the download permission
          • so it might be easy to understand everything here. (Might also find cases where he wrote something interesting but removed/forgot it, but maybe not this time.)

ImprovedTube, Mar 07 '23 05:03

imo screwing with CORS is a big security no-no, if Google wants ads to work on YT they can fix this themselves, not to mention this might be viewed as malicious by the Extension store review process and result in removing from the store.

raszpl, May 02 '23 09:05