12

According to chrome extensions API cross-origin calls using XMLHttpRequest object should be allowed if permissions are set:

An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.

I am closely following the Google tutorial, but the code below is giving me an error message:

XMLHttpRequest cannot load http://www.google.com/search?hl=en&q=ajax. Origin chrome-extension://bmehmboknpnjgjbmiaoidkkjfcgiimbo is not allowed by Access-Control-Allow-Origin.

I not only allowed requests to google.com, but requests to any website still can't get through. Can anybody help?

My manifest file:

{
  "name": "The popup",
  "version": "0.1",
  "popup": "popup.html",
  "permissions": [
    "http://*/*",
    "https://*/*",
    "https://www.google.com/*",
    "http://www.google.com/*"
    ],
  "browser_action": {
    "default_icon": "clock-19.png",
    "default_title": "This is title",
    "default_popup": "popup.html"
  }
}

the actual call:

function sendRequest() {
    document.write("Sending request");
    var req = new XMLHttpRequest();
      req.open("GET", "http://www.google.com/search?hl=en&q=ajax", true);
      req.onreadystatechange = function() {
          if (req.readyState == 4) {
            if (req.status == 200) {
              alert(req.responseText);
              document.write("OK");
            }
          }
        };
      req.send();
}
SherylHohman
  • 16,580
  • 17
  • 88
  • 94
matcheek
  • 4,887
  • 9
  • 42
  • 73
  • Had a similar issue. Mine was to do with not setting up cross-domain permissions in the manifest.json. I'll add http://developer.chrome.com/extensions/xhr.html for others to find. – Jono Jan 25 '14 at 13:30

2 Answers2

29

Two things; you need to make sure you are making a packaged app/extension and not a hosted one. Cross origin requests will not work with hosted apps. Assuming you got that part pinned down, you may want to try to put the following into your permissions: http://*/ . That's the only one I have for one of my packaged apps, and it does cross origin stuff without any problems.

Marius Kjeldahl
  • 6,830
  • 3
  • 33
  • 37
  • 5
    Bingo! The tutorial I was following does not mention a word about the fact that it has to be packaged to get cross-origin xmlhttprequest working correctly. I guess this is something I should have known since I was born. Thank you! – matcheek Feb 23 '12 at 22:42
  • 1
    Yes, I went through the same trial and error to figure it out. The docs really should be updated to reflect the differences between hosted and packaged apps, and possibly clear up whether an extension is the same as an app etc. – Marius Kjeldahl Feb 24 '12 at 12:14
  • 10
    what are packaged and hosted extensions? – Capi Etheriel Oct 29 '12 at 14:48
  • 2
    @barraponto refer https://developers.google.com/chrome/web-store/articles/apps_vs_extensions?hl=zh-CN – llj098 Jan 10 '14 at 13:52
  • Guys, I'm having a similar issue. I've packaged my dev extension locally, but do I need to submit this to the app store before the cross origin stuff works? – Jono Jan 24 '14 at 14:51
  • So this is just not possible in extensions? Only apps? – maxko87 Jul 11 '14 at 07:42
  • 8
    Note that when installing an app that requires permissions ["http://*/"], the user will get a warning "This app: Can access your data on all websites". Users of my app are burning the app with 1 star reviews for that right now :(. – Jos de Jong Jul 30 '14 at 18:30
  • Brilliant @Marius Kjeldahl I was looking for CORS but this is most easiest solution.......... – Keyur Padalia Dec 19 '14 at 11:35
  • @MariusKjeldahl any solution for hosted extension and request of page same computer how to resolve this thing any chrome command for that ?? to disable this things. ?? – Divyesh Kanzariya Apr 28 '16 at 06:12
  • I worked just two days for nothing because i didn't know that. it's mean that all ajax request i did worked but i didn't know it and worked hours to make it work in the hosted version. Thank you – Gino Nov 21 '16 at 19:25
  • Thank you! Super useful. Not even at [Google Docs](https://developer.chrome.com/extensions/xhr) I found something about that "non-package issue". – moreirapontocom Sep 12 '17 at 14:55
0

I don't know if this will be the case, but if you use localhost you should add it in the manifest.json like this:

  "permissions": [
    "http://localhost/*/"
   ],
Dharman
  • 30,962
  • 25
  • 85
  • 135
jachSoft
  • 1
  • 1