70

I am trying to send form data to a webservice but below "Request Header" in the "Network" of the Chrome DOM I got the origin evil.example and referer "localhost:8080".

Accept:application/json, text/plain, */*
Accept-Encoding:gzip, deflate
Accept-Language:nb-NO,nb;q=0.8,no;q=0.6,nn;q=0.4,en-US;q=0.2,en;q=0.2
Connection:keep-alive
Content-Length:91
Content-Type:application/x-www-form-urlencoded; charset=UTF-8;
Host:office.insoft.net:9091
Origin:http://evil.example/
Referer:http://localhost:8080/
User-Agent:Mozilla/5.0 (Macintosh; Intel Mac OS X 10_9_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2230.0 Safari/537.36

I want to change to another origin and "localhost:8080" would be the best origin.

How do I resolve that problem?

Stephen Ostermiller
  • 23,933
  • 14
  • 88
  • 109
Øystein Drabløs
  • 711
  • 1
  • 7
  • 7

2 Answers2

131

The overwrite of the header origin is caused by Allow-Control-Allow-Origin: * chrome extension.

Link to the extension

Try disabling this extension in order to solve your problem.

Craig S. Anderson
  • 6,966
  • 4
  • 33
  • 46
Joffrey Maheo
  • 2,919
  • 2
  • 20
  • 23
  • Which extension are you referring to? A name or link would be helpful. – jared Feb 28 '15 at 22:20
  • 1
    Looks like this is it: https://chrome.google.com/webstore/detail/allow-control-allow-origi/nlfbmbojpeacfghkpbjhddihlkkiljbi Name is "Allow-Control-Allow-Origin: *" as above. Apologies, it didn't look like the name of the extension. – jared Feb 28 '15 at 22:30
  • 3
    Worst name for an addon. – Ringo Jun 16 '16 at 20:54
  • 1
    Isn't evil.com kind of disconcerting? Is this benign or evil? – wcochran Feb 27 '17 at 21:02
  • how the CORS issue is bypassed by this extension by simply adding **Origin**: evil.com/? – snippetkid Mar 02 '17 at 14:42
  • This extension brings trouble when you want to allow CORS credentials: "The value of the 'Access-Control-Allow-Origin' header in the response must not be the wildcard '*' when the request's credentials mode is 'include'." – ZeWaren Mar 25 '17 at 11:53
  • 1
    It could be from any extension that copies from the chrome developer examples. see included link [chrome](https://developer.chrome.com/extensions/webRequest#examples) – user2144406 Jan 01 '18 at 15:28
  • 1
    https://github.com/vitvad/Access-Control-Allow-Origin/issues/45 I must admit that scared me out too, lol. – Sait Banazili Sep 10 '18 at 15:43
0

To create a jupyter_notebook_config.py file if it is not there, , you can use the following command line from ~/.jupyter:

$ jupyter notebook --generate-config

Uncomment this 

c.NotebookApp.allow_origin = '*'
RAHUL KUMAR
  • 1,123
  • 11
  • 9