I’ve installed the Chrome extension and it says the connection to JabRef is successful and that it has access to sites like ACM digital library and IEEExplore. But when I click on the JabRef icon in the extensions panel, it opens the menu as if I had right-clicked. It also opens the menu when I do right-click. There is an error in the JabRef log:
Access to XMLHttpRequest at ‘https://repo.zotero.org/repo/metadata?version=5.0.0&last=0’ from origin ‘chrome-extension://bifehkofibaamoeaopjglfkddgkijdlh’ has been blocked by CORS policy: No ‘Access-Control-Allow-Origin’ header is present on the requested resource.
Does this extension rely on cross-site scripting via zotero.org? That is a major security hazard and will be blocked by any well-configured browser. Is there a safe workaround here?