8

My code was working fine before the Chrome update.

I make an ajax call to my server. My server receives the call, returns JSON to the client, but the answer is always empty. When I look in Fiddler I get an answer from the server.

enter image description here

I try with JQuery, and I also try with an xmlhttp call. Always the same result

Did new CORS policy rules apply...?

There is my xmlHTTP call

 var xmlhttp = new XMLHttpRequest();   // new HttpRequest instance 
      var theUrl = "URL";
      xmlhttp.open("POST", theUrl);
      xmlhttp.setRequestHeader("Content-Type", "application/json;charset=UTF-8");
      xmlhttp.send('{ "args" :{ "Obj":"my obj"}}');
      xmlhttp.onreadystatechange = function(state,xhh,aaa){
        if (xmlhttp.readyState == XMLHttpRequest.DONE) {
          alert(xmlhttp.responseText);
        }
      }

The ajax call is similar

$.ajax({
        url: "URL",
        data: '{ "args" :{ "Obj":"my obj"}}',
        dataType: "json",
        contentType: "application/json; charset=utf-8",
        type: "POST",
        async: false,       
        error: function (xhr, ajaxOptions, thrownError) {
          if (that.Fail != null) {
            that.Fail();
          }
        },
        success : function(data){

           alert(data);

        }
      })
sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
Cédric Boivin
  • 10,854
  • 13
  • 57
  • 98
  • 2
    Are you making the request in a content script? If so, does it help if you make it from a background script? Otherwise this sounds like a bug, see if disabling ”Network Service” in chrome://flags helps. – wOxxOm Mar 14 '19 at 04:44
  • @wOxxOm yes i am in then content script. I will try to put my script in the background scripts. – Cédric Boivin Mar 14 '19 at 10:23
  • I realise that it's look like a little bit weird. For security reason they don't let you create call from content.js. The security issue, it's probably more when you send data, than you received. My call was made correctly, it's the answer i am not able to get back. If i am an "hacker" i don't care about the answer, my priority should be send data, not retreived it from my server ... i don't understand the move here ... That update broke our Chrome extension and give us a lot of JOB :-( – Cédric Boivin Mar 14 '19 at 15:18
  • 1
    You can send data by making a GET request - simply put the data in the URL hash or its query parameter. An URL can be 2MB long. – wOxxOm Mar 14 '19 at 15:21
  • @wOxxOm ya you are right. That it's my point, why they don't just block all CORB request from content.js instead only received the answer. – Cédric Boivin Mar 14 '19 at 15:50

1 Answers1

8

I had the same problem after upgrade to Chrome 73. Thanks to @wOxxOm

This is the workaround until now:

  1. Go to chrome://flags
  2. Disabled the Enable network service

Step by step

UPDATE:

This is not a bug, according to this announcement: https://www.chromium.org/Home/chromium-security/extension-content-script-fetches

You will need to put the Cross-Origin Fetches to the background script instead of the content script.

Han Tran
  • 2,073
  • 4
  • 22
  • 37
  • 1
    Thanks guy for you quick answer. Very useful. That was my problem! I move my ajax call that in the background.js and now it's work. Give me some job to move all the call made in the content.js to the background.js but ... i am on the right way! – Cédric Boivin Mar 14 '19 at 10:37