3

Maybe are there some settings to disable this in extension context. Since I'm developing an extension it should be my own responsibility to not shoot my own goal. It is very frustrating to fiddle with this security thing that is totally out of reason when developing browser extensions.

I don't want to make whole browser insecure by disabling it globally. just for the scripts that are set in "content_scripts" section in manifest.json

rsk82
  • 28,217
  • 50
  • 150
  • 240

1 Answers1

7

Your manifest.json file should have the domain you're looking to use in the permissions:

"permissions": [
    "http://*.domain.com/"
]
Jimmy Sawczuk
  • 13,488
  • 7
  • 46
  • 60
  • 1
    I have "http://*" and still can't get proper content height on cross domain iframe in "content_scripts". – rsk82 May 18 '11 at 22:17
  • That's a different issue, no? Can you paste some code to show what you're trying to do? – Jimmy Sawczuk May 18 '11 at 22:30
  • 1
    I just want to be able to get to the context of cross domain iframe from main page. The iframe server sends header('Access-Control-Allow-Origin: *'); and of course the code that is in the plugin is in its 'isolated world' that google is so proud about, what the flock is the security doing here, i think they just didn't think of disabling it. – rsk82 May 19 '11 at 06:29
  • +rsk82 the question was marked as answered, however did you find a solution to accessing the iframe content? – David Aug 24 '13 at 02:36
  • @David This one is interesting to me too. – polkovnikov.ph Feb 18 '14 at 16:36