8

Yep that's correct - however, they have no effect. For example,

is turned on, yet does not do anything

    10 days later

    2 more errors while configuring this:

    • The token validation on the extension options page fails with this error:
    Unhandled Promise Rejection: TypeError: null is not an object (evaluating 'response.headers.get("X-OAuth-Scopes").split')

    Source (in case it helps): https://github.com/refined-github/refined-github/blob/de1287f62fd27d42a97d7d5615903510d4954755/source/options.tsx#L62

    • The favicon fails to load with this error:
    Failed to load resource: The operation couldn’t be completed. (Orion.SchemeHandlerError error 2.)

    Checking the network tab, it seems to be trying to access chrome-extension://hlepfoohegkhhmjieoechaddaejaokhf/favicon.ico, and I am assuming Orion is failing to parse chrome-extension as a valid scheme?

    4 months later

    I took a bit of a look into this, and it seems that Refined is trying to access the X-OAuth-Scopes header. That is included in the Access-Control-Expose-Headers header object (so it should be accessible), but looking at the actually available headers in the Response's Header object, only a small subset are shown. The header list in the network tab does include the scopes header, but it's lowercased, as x-oauth-scopes.

    Available Headers within the console:
    ["access-control-allow-origin", "access-control-expose-headers", "cache-control", "content-encoding", "content-security-policy", "content-type", "date", "etag", "referrer-policy", "vary", "x-content-type-options", "x-frame-options", "x-xss-protection"]

    This is the value of Access-Control-Expose-Headers in the network tab:
    ETag, Link, Location, Retry-After, X-GitHub-OTP, X-RateLimit-Limit, X-RateLimit-Remaining, X-RateLimit-Used, X-RateLimit-Resource, X-RateLimit-Reset, X-OAuth-Scopes, X-Accepted-OAuth-Scopes, X-Poll-Interval, X-GitHub-Media-Type, X-GitHub-SSO, X-GitHub-Request-Id, Deprecation, Sunset.

    • Vlad replied to this.
      7 days later

      Yes, I would do a quick check to make sure that Orion is correctly applying Access-Control-Expose-Headers in extensions without case-sensitivity — AFAIK, if the header is in that list, it should be available to requester (whatever called fetch()).

      In this case, Access-Control-Expose-Headers includes a header (x-oauth-scopes) that isn't available to the requester. It does exist in the browser network tab so it should be available. It could be a webkit bug, but apparently Safari supports Access-Control-Expose-Headers.

        8 days later
        2 months later

        Also, extension configuration page shows an error accessing X-OAuth-Scopes header when a valid token is introduced.

        It seems Orion has some problem accesing this header.
        But header is actually in the response of the request as is shown in the Network tab of the inspector.

          mober It is not advised not post in issues maked as done.

          If you have a bug report, create a new post with all necessary details.

              5 months later

              this still seems to be an issue and not done. should we make a new ticket for this or keep this one then? the last comment from @mober is still happening, with the latest version of orion, today.

              • Vlad replied to this.

                pvinis Yes, create a new post with exact steps to reproduce.

                  Vlad locked the discussion .
                    No one is typing