1

I have a Chrome Extension that sends AJAX POST with some data on every page.

The problem is that, Facebook block the AJAX request resulting this:

Refused to connect to 'URL_HERE' because it violates the following Content Security Policy directive: "connect-src https://.facebook.com http://.facebook.com https://.fbcdn.net http://.fbcdn.net *.facebook.net .spotilocal.com: https://.akamaihd.net ws://.facebook.com:* http://*.akamaihd.net".

How to send AJAX call to my server on that page also?

I am new to making Chrome Extensions, please tell me if anything is possible. I am using Content Scripts. Not sure if something can be done with background pages.

Also, is there some place I can use to store data in Chrome Extension while using content scripts?

Rob W
  • 341,306
  • 83
  • 791
  • 678
Kab Mikua
  • 9
  • 7

1 Answers1

2

The only way to perform a cross-origin request when the page's CSP interferes is through a background page. You can find a complete example at Cross-domain XMLHttpRequest using background pages.

Also, is there some place I can use to store data in Chrome Extension while using content scripts?

Use the chrome.storage API, or use message passing and localStorage. See this answer for a more detailed explanation and sample code.

Community
  • 1
  • 1
Rob W
  • 341,306
  • 83
  • 791
  • 678