74

I'm working on a chrome extension that sends a HTTP request.

How do I send it to www.example.com with the parameter par with value 0?

https://www.example.com?par=0

(the server reads the parameter par and does something)

I found this article, talking about Cross-Origin XMLHttpRequest, but I don't know how their example could help me.

wOxxOm
  • 65,848
  • 11
  • 132
  • 136
Mirianna
  • 910
  • 1
  • 8
  • 18

1 Answers1

123

First, you'll need to edit your manifest.json and add the permission for www.example.com:

  • For the new Manifest V3, use the host_permissions field:

    {
    "manifest_version": 3,
    ...
    "host_permissions": [
        "https://www.example.com/*"
    ],
    ...
}

  • If you are still using the old Manifest V2, use the permissions field:

    {
    "manifest_version": 2,
    ...
    "permissions": [
        "https://www.example.com/*"
    ],
    ...
}

Then in your background page (or somewhere else) you can do:

fetch('http://www.example.com?par=0').then(r => r.text()).then(result => {
    // Result now contains the response text, do what you want...
})

See also MDN doc for fetch().

Deprecated version using XMLHttpRequest (ES5):

function callback() {
    if (xhr.readyState === XMLHttpRequest.DONE) {
        if (xhr.status === 200) {
            result = xhr.responseText;
            // ...
        }
    }
};

var xhr = new XMLHttpRequest();
xhr.open("GET", "http://www.example.com?par=0", true);
xhr.onreadystatechange = callback;
xhr.send();

NOTE the warning at the top of the relative documentation page:

In Manifest V3, XMLHttpRequest is not supported in background pages (provided by Service Workers). Please consider using its modern replacement, fetch()

Marco Bonelli
  • 63,369
  • 21
  • 118
  • 128
  • 2
    Just as a note: If you are on an https page and you are requesting an http URL, you might get a `Mixed Content: The page at '...' ` error. – Serguei Fedorov Apr 10 '15 at 14:57
  • Can I add a pattern instead a specific domain? – Adrian B Aug 24 '15 at 11:09
  • 2
    Yes you can, using * wildcards. If you want to allow acces over https and http though, you'll have to add that separately. Read https://developer.chrome.com/extensions/xhr – Nino van Hooff Aug 29 '15 at 22:09
  • https://stackoverflow.com/questions/34627921/synchronous-xmlhttprequest-on-the-main-thread-is-deprecated-tried-many-differ, https://stackoverflow.com/questions/11506687/google-chrome-extension-http-request – Frank R. Aug 14 '17 at 04:05
  • 6
    I got a CORB error trying to call `fetch` from my content script (adding external URL to `permissions` array does not solve the problem). The following answer solved my problem, which was to delegate the fetch call to a background script and send parsing the response back in the content script as originally intended. https://stackoverflow.com/questions/55214828/how-to-stop-corb-from-blocking-requests-to-data-resources-that-respond-with-cors/55215898#55215898 – Michael Yaworski May 31 '19 at 03:31
  • Property has been renamed from `permissions` => `host_permissions` – Guido Dizioli Apr 06 '21 at 18:42
  • is it possible to use axios? fetch did not contain interceptor. @Marco Bonelli – Dolphin Feb 06 '22 at 11:08
  • @liangqicai Not sure honestly as I have never used it. You will have to do some googling to figure that out... – Marco Bonelli Feb 06 '22 at 15:49