0

I am trying to build a chrome extension for which i need to ping to different machines.The code which i tried with is able to read the response headers for a https site but not for http.I am new to Javascripting. Any help would be great.I understand it is a CORS issue and tried setting the headers in the client code.many forums mention it setting al the server side but where can I do in this case? Please find the code below and the plugin UI and response returned from https site in the snapshot.

Code--

url="https://www.icicibank.com/";
//url = "www.rediff.com/";  
ping = new XMLHttpRequest(); 
ping.open("get", url,true);
//ping.setRequestHeader("Access-Control-Allow-Origin","*"); 
// ping.setRequestHeader("Access-Control-Allow-Credentials", "true");
ping.send(null)
ping.onreadystatechange=function() {
if (ping.readyState==4) {
alert(ping.getAllResponseHeaders());
//alertify.alert(ping.getAllResponseHeaders());
}
}

Thanks

Caleb Kleveter
  • 11,170
  • 8
  • 62
  • 92
Jaideep Bahadur Srivastava
  • 31
  • 5
  • You need to handle [preflight requests](http://stackoverflow.com/a/8689332/4361743) on the target server. – karman Nov 18 '16 at 12:37

1 Answers1

0

CORS is indeed part of the server response, not the request. So you cannot "set" it on your side.

However, extensions are allowed to bypass CORS restrictions and make cross-origin requests. But for that you need to list domains you're going to connect to in manifest permissions. The user will be warned, at install time, that you'll interact with those domains.

For example, to allow requests to http://example.com and https://example.com domains regardless of CORS, you need to include in the manifest:

"permissions" : [
  "*://example.com/"
],

If you can't say which sites you'll need to connect to in advance, you'll either need permissions for all urls (special permission, literally, "<all_urls>") or use Optional Permissions to request that at runtime.

Xan
  • 74,770
  • 16
  • 179
  • 206
  • Wow.. thanks Xan for your help. I had already set "" in the manifest under permissions but it was not working but setting it under Optional permissions worked for me and that too without any warning.Many thanks !!! – Jaideep Bahadur Srivastava Nov 18 '16 at 16:46
  • Traditional permissions override optional permissions. Once granted, your LOCAL install will have them granted - it will work on your install, but stop working if you remove and add the extension again. – Xan Nov 18 '16 at 16:47
  • what i have done Xan is having the "" defined in both the permissions and optional permissions. Even if i remove and add the extension, it is working fine. – Jaideep Bahadur Srivastava Nov 18 '16 at 19:07
  • But you don't need it in optional permissions for it to work. You really, really don't. You probably just forgot to reload. – Xan Nov 18 '16 at 19:14