Chrome extension permission XMLHttpRequest

Question

I am coding a chrome extension for first time. Read out their documentation well, specially permission section.

I want to load a JSON response from my localhost with a specific port ex. 3000.

I updated my mainfest.json and persssion section is like

  "permissions": [
    "http://localhost:3000/*"
  ],

But getting XMLHttpRequest cannot load http://localhost:3000/project/data.json Origin null is not allowed by Access-Control-Allow-Origin.

Seems I am missing something.

What am I missing?

Looks good. Did you reload the extension after adding the permission? Is the AJAX code running in the extension's process or content script? — Rob W, Jul 28 '13 at 18:56

score 0 · Answer 1 · answered Jul 28 '13 at 17:05

You could try any of the following solutions:

Add the following line to the end of your manifest file:

"content_security_policy": "script-src 'self' http://localhost:3000; object-src 'self'"

Hope it helps.

score 0 · Answer 2 · edited May 23 '17 at 12:20

0

If your request is sent to the same host with other port then this is already a cross domain request (please see http://en.wikipedia.org/wiki/Same_origin_policy#Origin_determination_rules). Cross domain ajax requsts are not allowed. There are two solutions:

To use JSONP request.
To add to the response header an option: Access-Control-Allow-Origin: * But not all browsers support this feature.

Please see:

edited May 23 '17 at 12:20

Community

answered Jul 28 '13 at 18:04

phts

1

While this information is relevant to ordinary Web pages, is not relevant to Chrome extension development, since Chrome extensions have the ability to [relax the same-origin policy](https://developer.chrome.com/extensions/xhr.html). This questions asks about an attempt to use this ability in a Chrome extension. – apsillers Jul 29 '13 at 13:11

2 Answers2