diff --git a/plugins/browser-extension/cyberstrikeai-browser-extension/README.md b/plugins/browser-extension/cyberstrikeai-browser-extension/README.md index b7af0ca7..661079ef 100644 --- a/plugins/browser-extension/cyberstrikeai-browser-extension/README.md +++ b/plugins/browser-extension/cyberstrikeai-browser-extension/README.md @@ -51,6 +51,8 @@ Closing DevTools clears panel data. Closing the browser invalidates the session After reloading the extension, close DevTools completely and reopen (F12) if you see `chrome.runtime.connect` errors — the old panel context is invalidated. +If Validate reports `cross-origin request denied`, upgrade and restart the CyberStrikeAI server. Current versions recognize valid Chrome/Edge extension origins automatically, so no extension ID or CORS configuration is required. The browser will still request host access on the first Validate. + ### Package ```bash diff --git a/plugins/browser-extension/cyberstrikeai-browser-extension/README.zh-CN.md b/plugins/browser-extension/cyberstrikeai-browser-extension/README.zh-CN.md index 069f90c7..e695ad4d 100644 --- a/plugins/browser-extension/cyberstrikeai-browser-extension/README.zh-CN.md +++ b/plugins/browser-extension/cyberstrikeai-browser-extension/README.zh-CN.md @@ -158,6 +158,9 @@ HTTP/2 伪首部。展示与 AI Prompt 已归一化为 HTTP/1.1;原始 HAR 仍 **Console 里 localhost CORS 报错是插件造成的吗?** 不是。那是页面自身请求本机服务被浏览器拦截,与扩展无关。 +**Validate 显示 `cross-origin request denied`?** +升级并重启 CyberStrikeAI 服务。新版服务会自动识别格式合法的 Chrome/Edge 扩展 Origin,无需复制插件 ID 或配置 CORS 白名单;插件首次 Validate 时仍会请求访问目标服务地址的浏览器权限。 + **Test History 很多会挡住 Captured Requests 吗?** 不会。历史区最高占侧边栏 **42%**,超出部分区域内滚动;捕获区占剩余空间。