1

I'm having a similar issue to this other question on SO, "XMLHttpRequest not working in Google Chrome Packaged Web App". However, the selected answer is not working for me. I do have the url that I'm trying to request listed in the manifest permissions. I have a feeling this has to do with cross-site-scripting prevention, as I read about in the Cross-Origin XMLHttpRequest and Embed Content docs for Chrome.

When I inspect the response, everything's empty, no status code, no response, no statusText, just like what happens when trying to make a request across domains as in XSS, as seen in this SO question: Empty responseText from XMLHttpRequest.

Here's my manifest:

{
    "manifest_version" : 2,
    "name": "{name}",
    "description" : "{description}",
    "version" : "0.1",
    "minimum_chrome_version": "23",

    "permissions": [
        "idle",
        "storage",
        "notifications",
        "https://prefix.domain.suffix/*",
        "https://prefix.domain.suffix/sub/"
    ],

    "app": {
        "background": {
          "scripts": ["models.js", "background.js"]
        }
    },


    "icons": { "16": "icon-16.png", "128": "icon-128.png" }
}

I'm using this function to do the requests:

function xhr(url, callback){
    var timeout= 2000;
    var xhr = new window.XMLHttpRequest();
    xhr.ontimeout = function () {
        console.error("The request for " + url + " timed out.");
    };
    xhr.onerror = function(){
        console.error("error: "+xhr.statusText);
    }
    xhr.onload = function() {
        if (xhr.readyState === 4) {
            if (xhr.status === 200) {
                window.console.log("response: "+xhr.response);
                callback(JSON.parse(xhr.response));
            } else {
                console.error(xhr.statusText);
            }
        }
    };
    xhr.open("GET", url, true);
    xhr.timeout = timeout;
    xhr.send(null);
}

The url I'm trying to request is fairly basic with some query string parameters tacked on the end and looks like this:

https://prefix.domain.suffix/sub/serve.aspx?param1=val1&param2=val2

Which, when loaded in the browser, returns simple and valid JSON:

{
    "ret" : [

        { "date": 1380603600000, "foo": bar1 }, 
        { "date": 1380776400000, "foo": bar2 }
    ]
}

The function I'm using to test in the developer console is this:

xhr('https://prefix.domain.suffix/sub/serve.aspx?param1=val1&param2=val2', function(e){ console.log(e); });

All that is printed to the console is error:, and xhr at that moment is:

XMLHttpRequest {statusText: "", status: 0, response: "", responseType: "", responseXML: null…}

One other thing which may need to be considered is that this url I'm requesting is behind authentication on my server. I'm logged in and am able to access the page, regardless of which tab I'm using, so I don't think that's the problem, but it still might be.

Community
  • 1
  • 1
Kyle Falconer
  • 8,302
  • 6
  • 48
  • 68
  • Apps don't share your browser's cookie store. They're like native apps in that respect. So your last paragraph is likely the issue. Change to a server that doesn't require authentication as a test to confirm it. Then investigate chrome.identity. – sowbug Oct 05 '13 at 04:45
  • @sowbug, I'll give it a shot, but don't you think that if it was an authentication issue, there would be some kind of status code in the `xhr` object? – Kyle Falconer Oct 05 '13 at 05:55
  • It's probably easier to try it than to speculate here. Let us know. – sowbug Oct 05 '13 at 15:11
  • @sowbug, that was it! Now I'll just have to find out how I can authenticate. – Kyle Falconer Oct 08 '13 at 15:22
  • @sowbug if you make an answer, I will accept it as the solution. – Kyle Falconer Nov 22 '13 at 16:17

2 Answers2

3

Apps don't share your browser's cookie store. They're like native apps in that respect. So your last paragraph is likely the issue. Change to a server that doesn't require authentication as a test to confirm it. Then investigate chrome.identity.

sowbug
  • 4,644
  • 22
  • 29
  • but what would be your recommendation if a Chrome packaged app really *does* need Basic Auth over HTTPS instead of OAuth (eg. doing smart Http protocol clone of git repo from Github or Bitbucket) ? as chrome.identity is no help there... – Maks May 22 '14 at 00:46
  • That's a new question. Ask it! – sowbug May 22 '14 at 03:06
  • yes good point! I did and in the process of writing it I figured out that solution, so thanks for the prompt... http://stackoverflow.com/questions/23798304/is-there-a-way-for-chrome-packaged-apps-to-handle-http-basicauthentication – Maks May 22 '14 at 05:16
-2
 if (window.XMLHttpRequest)
            {// code for IE7+, Firefox, Chrome, Opera, Safari
                xmlhttp = new XMLHttpRequest();
            }
            else
            {// code for IE6, IE5
                xmlhttp = new ActiveXObject("Microsoft.XMLHTTP");
            }

try this...

user3917953
  • 1
  • 3
  • 1
    This won't fix the problem. I'm making a packaged Chrome app, which means that I'm guaranteed to have the XMLHttpRequest function, and this code will never be run on IE. Thanks for responding anyway. – Kyle Falconer Oct 05 '13 at 15:57