Help Needed: Creating a CORS Bypass Extension for Postman

Hey there,

I’ve been encountering an issue while developing a Chrome extension to bypass CORS limitations in Postman. My motivation for this project comes from the absence of Postman’s agent and CLI support for ARM64 systems, leaving me with limited options for using Postman on my Android device.

While the extension functions flawlessly on the desktop version of Chrome, it fails to operate on mobile browsers. Irrespective of the URL I attempt to access, such as “localhost:3000” or any other, the result remains empty, lacking headers, status codes, or any indication of the underlying issue.

I’ve tried the latest versions available as of March 20, 2024, of Kiwi Browser, Lemur Browser, and Yandex Browser. However, the problem persists.

Below, I’m including the relevant code snippet for your review:

rules.json
[
  {
    "id": 1,
    "priority": 1,
    "condition": {
      "domains": ["localhost", "postman.co", "planetary-place-111111.postman.co"],
      "resourceTypes": ["xmlhttprequest"]
    },
    "action": {
      "type": "modifyHeaders",
      "responseHeaders": [
        {
          "header": "Access-Control-Allow-Origin",
          "operation": "set",
          "value": "*"
        },
        {
          "header": "Access-Control-Allow-Headers",
          "operation": "set",
          "value": "*"
        },
        {
          "header": "Access-Control-Expose-Headers",
          "operation": "set",
          "value": "*"
        },
        {
          "header": "X-Postman-Intercepted",
          "operation": "set",
          "value": "0.0.1"
        },
        {
          "header": "Connection",
          "operation": "set",
          "value": "keep-alive"
        },
        {
          "header": "Accept",
          "operation": "set",
          "value": "*/*"
        },
        {
          "header": "Accept-Encoding",
          "operation": "set",
          "value": "gzip, deflate, br"
        }
      ]
    }
  }
]

manifest.json
{
  "update_url": "https://clients2.google.com/service/update2/crx",

  "name": "Postman",
  "description": "postman.co Extension",
  "version": "0.0.1",
  "manifest_version": 3,
  "permissions": ["declarativeNetRequest"],
  "host_permissions": ["*://*/*"],
  "background": {
    "service_worker": "background.js"
  },
  "declarative_net_request": {
    "rule_resources": [
      {
        "id": "r-1",
        "enabled": true,
        "path": "rules.json"
      }
    ]
  },
  "externally_connectable": {
    "matches": ["https://*.postman.co/*", "*://localhost/*"]
  }
}

background.js

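// Answer "version" messages sent by pages listed in externally_connectable.
chrome.runtime.onMessageExternal.addListener(function (
  request,
  sender,
  sendResponse
) {
  if (request?.message === "version") sendResponse({ version: "0.0.1" });
  // Returning true keeps the message channel open for sendResponse.
  return true;
});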
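
A defender-side view of the configuration in the post above, as an added example that is not part of the original post or of Postman's code: a Node.js check that flags wildcard CORS response headers, rules with no target-host restriction, and broad host permissions in a Manifest V3 extension. The function name, finding ids and the reduced sample input are assumptions made for this example.

```javascript
// Added example: audit a declarativeNetRequest ruleset and manifest for
// broad CORS relaxation. Finding ids are names chosen for this example.
const CORS_HEADERS = new Set([
  "access-control-allow-origin",
  "access-control-allow-headers",
  "access-control-expose-headers",
]);
const REQUEST_ONLY = new Set(["accept", "accept-encoding"]);
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*"]);

function auditCorsExtension(rules, manifest) {
  const findings = [];
  for (const rule of rules) {
    if (rule.action?.type !== "modifyHeaders") continue;
    const cond = rule.condition ?? {};
    let setsWildcardCors = false;
    for (const h of rule.action.responseHeaders ?? []) {
      const name = h.header.toLowerCase();
      if (CORS_HEADERS.has(name) && h.operation === "set" && h.value === "*") {
        setsWildcardCors = true;
        findings.push({ rule: rule.id, id: "wildcard-cors-header", header: name });
      }
      // Accept and Accept-Encoding are request headers; on a response they do nothing.
      if (REQUEST_ONLY.has(name)) {
        findings.push({ rule: rule.id, id: "request-header-on-response", header: name });
      }
    }
    // `domains`/`initiatorDomains` scope who sends the request, not where it goes.
    const targetScoped = cond.requestDomains || cond.urlFilter || cond.regexFilter;
    if (setsWildcardCors && !targetScoped) {
      findings.push({ rule: rule.id, id: "no-target-restriction" });
    }
  }
  for (const host of manifest.host_permissions ?? []) {
    if (BROAD_HOSTS.has(host)) findings.push({ id: "broad-host-permission", host });
  }
  return findings;
}

// Constructed sample, reduced from the rules.json and manifest.json in the post.
const sampleRules = [{
  id: 1, priority: 1,
  condition: { domains: ["localhost", "postman.co"], resourceTypes: ["xmlhttprequest"] },
  action: { type: "modifyHeaders", responseHeaders: [
    { header: "Access-Control-Allow-Origin", operation: "set", value: "*" },
    { header: "Accept", operation: "set", value: "*/*" },
  ] },
}];
const sampleManifest = { host_permissions: ["*://*/*"] };
console.log(auditCorsExtension(sampleRules, sampleManifest));
```

A rule that names the API host in `requestDomains` and sets a specific origin instead of `*` produces no findings from this check.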

Hi @migoGe. Welcome to the Postman Community Forum!

Postman Agent and CLI do support arm64 systems. However, I can see the limitation you’re experiencing, considering that you’re running this on an Android device.

Instead of “localhost:3000”, can you use “127.0.0.1” and see if that helps? Also, what fails to operate on mobile? Is it Postman or the browser extension?

I’m unfamiliar with your use case and curious to understand why you’d like to have Postman running on a mobile device?

Hey, thanks for the answer. Well, coding on mobile or tablet can be handy in extreme situations, also considering the fact that there is a DEX mode available on some Android devices. For this reason I wanted Postman to work on Android devices, since I use Postman on a daily basis at my work.

Btw, here is the result I get: it's just empty without any other data. I tried replacing the URL with 127.0.0.1 but still nothing. It does not reach the server, since I have logging turned on there. Also, I can even use some random incorrect URL like http://localhost:30asdasd0amsdkamksd, and it still does the same.

Before developing mine I tried every CORS-related extension on the Google Chrome store, and only this one worked on desktop: https://chromewebstore.google.com/detail/corset/oljdpckmidhdkppcbigjhbgahhillkoj
But on Android, like in Kiwi Browser, it still does the same as mine. I thought there was something wrong with this extension and that's why I started to develop mine, but I still faced the same issue.

Also, when I try to install Postman CLI on termux-nethunter, I get this issue:
“Only x64 is supported at this time”. Even a GitHub issue has been opened about this topic: Linux arm64 Support · Issue #5816 · postmanlabs/postman-app-support · GitHub
Even though it's merged, you will see people still complaining about this issue;
that's why I wanted to avoid the Postman CLI and develop a Chrome extension.

I think this can be really helpful for people like me, who want to run the Postman web version on Android.

Okay. Thank you for sharing this.

The Postman Agent is an intermediary between the Postman Application and the API server, which helps eradicate all CORS issues. Requests are routed through the Postman Agent directly from the browser.

In your case, I am not sure what the issue is since I don’t know how the chrome extension was built. I believe it will be very difficult to get this to work without the Postman Agent, especially since, by default, the web version of Postman tries to connect to this agent before processing any request.

An alternative I will suggest is our VS Code extension. There are multiple ways to run VS Code in the browser which will work quite well on a mobile phone/tablet. You can explore this option to see if it works for your use case.

Thank you again,
as I mentioned, I managed to make it work but only on desktop Chrome browsers. The code that I used to make it work is pasted above. It's that somehow the Android system or Chromium browsers on Android or something, IDK, prevents me from accessing localhost, and that's where I think the bug is coming from.

What makes it hard to debug is that, as you can see on the screenshot above, you no longer get any Postman warnings about using the Postman Agent; it just does not return anything. I tried to find a similar issue on different websites but could not find anything similar.

Yes, I initially tried to use the Postman VS Code extension, but it only works in the VS Code desktop version; it does not work in a VS Code web version such as this: https://vscode.dev. Since on Android you need some third-party app to remotely connect to desktop Linux apps in order to run them, which adds a lot of delay, I had to remove the VS Code Postman extension from my list of possible solutions.
