1

Hi there fellow exchangers!

I am creating a chrome extension that appears above the website a user is viewing. I want to pull and send data to a database located on a server. I know that I'll be using xhr and while this works across the web...it oddly fails when I try and deploy this code on sites that are google products, such as gmail and google docs. It almost seems like google prevents XMLHttpRequest around their sites/products. Ironically enough, those are the two sites that I care the most that this works on. Any insight on why CORS behaves differently on the .google.com/ domain or what I'm missing would be greatly appreciated it. 

$.ajax({
    url: urlpath + "db.php?type=symbol&value=",
    type: 'GET',
    data: "{}",
    contentType: "application/json; charset=utf-8",
    dataType: 'json',
    async: false,
    success: function(data){
        db = data;
    },
    error : function () {
        alert('DB connection failed');
    }
});

Here's what my manifest.json file has for permissions (I also have the matches for good measure):

{
  "name": "My extension",
  ...
  "permissions": [
    "http://*/*",
    "https://*/*"
  ],
  ...
  "content_scripts": [ {
   ...
       "matches": [ 
   "http://*/*", "https://*/*", 
    "https://mail.google.com/mail/*", "http://mail.google.com/mail/*",
    "https://mail.google.com/*", "http://mail.google.com/*"
        ]
  }]
}
Timon Safaie
  • 11
  • 1
  • What's `urlpath`? What errors do you see in the JS console of the tab? – Rob W Nov 25 '14 at 21:41
  • The full url is "http://mathx.co/chrome/mathx/mathdb.php?type=symbol&value=", The error in the js console is the following: -> Mixed Content: The page at 'https://mail.google.com/mail/u/0/#inbox' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://mathx.co/chrome/mathx/mathdb.php?type=symbol&value=&{}'. This request has been blocked; the content must be served over HTTPS. Seems like I'll have to get an SSL for the mathx.co domain. Google only allows calls made to https... This was very insightful. Is that what I was missing? – Timon Safaie Nov 25 '14 at 21:53
  • You're welcome. You can edit out the URL from your comment if you wish to keep it private. – Rob W Nov 25 '14 at 21:54
  • Thanks again Rob! It's okay, I'll change the url on my end. – Timon Safaie Nov 25 '14 at 21:58

0 Answers0