Error in Chrome: "Origin file:// is not allowed by Access-Control-Allow-Origin"

Question

I am writing codes for a Chrome extension that needs to access minus.com, which uses oAuth 2.0 for authentication, so I wrote a javascript file 'test.js', then included it in a HTML file 'test.html', then load 'test.html' in Chrome to test the javascript codes, which is used for the authentication.

The structure of the 'test.js' looks like this:

function Ajax(url, options) {

// some function content

    // Sending data
    if (options.method === "POST" && (options.params || options.binaryData)) {
        if (options.binaryData) {
            xhr.sendAsBinary(options.binaryData);
        } else {
            xhr.send(hashToQueryString(options.params));
        }
    } else {
        xhr.send(null);
    }

    return xhr;
}

function refreshToken(refresh_token) {
    var params = {
        'grant_type': 'refresh_token',
        'client_id': API_KEY,
        'client_secret': API_SECRET,
        'refresh_token': refresh_token,
        'scope': 'read_all modify_all upload_new'
    }

    new Ajax("https://minus.com/oauth/token", {
        params: params,

        onSuccess: function(response) {
            console.log(response.access_token);
        },

        onError: function(response) {
            console.log('error: wrong_token');
        }
    });               
}

refreshToken();

When I loaded the 'test.html' in Chrome to test 'test.js', it prompted an error in the console, saying "XMLHttpRequest cannot load https://minus.com/oauth/token?... Origin file:// is not allowed by Access-Control-Allow-Origin." I have tried to launch Chrome with the option "--allow-file-access-from-files" or "--disable-web-security", but it didn't solve the problem. However, if I commented the "Sending data" part in the "Ajax"function, there is no error.

Does anyone have ideas what's going on here?

Thanks!

I believe you are calling your requests cross-domain. Google Chrome will issue this error if you do so. — Raptor, Mar 23 '12 at 03:04

Stefano · Answer 1 · 2012-03-25T16:40:45.203

2

To be very specific about your problem: you need to add the hosts you want to be able to access in cross-domain to your extension manifest:

http://code.google.com/chrome/extensions/xhr.html

{
  "name": "My extension",
  ...
  "permissions": [
    "https://*.minus.com/"
  ],
  ...
}

edit

on a side note, I sometimes get weird cross-domain errors in my chrome when I have a LOT of extensions active. I then have to disable at least a couple, the refresh the extension and it works - or sometimes restart chrome.

edited Mar 25 '12 at 16:40

answered Mar 23 '12 at 09:27

Stefano

18,083
13
64
79

Hi, Stefano, I have added the host domain "https://*.minus.com/" into the 'manifest.json' file as you suggested, but the error changed to be "Origin chrome-extension://imoialplpijakfpmofocnamgopchikjk is not allowed by Access-Control-Allow-Origin." Is there any thing I am still missing? Thanks! – chaohuang Mar 25 '12 at 03:33
@chaohuang how exactly do you "load" test.html? Is it your background page, a browser action, or...? (it should work in any case but...) – Stefano Mar 25 '12 at 16:39
The 'test.html' is my background page. – chaohuang Mar 25 '12 at 17:17
@chaohuang if you got the permission and you are in a background page, it must work - but please see my edit: I sometimes have random bugs that weirdly forbit cross-domain in my extensions. Try reducing the number of installed extensions or use a new profile, and reload/restart – Stefano Mar 25 '12 at 17:25

score 1 · Accepted Answer · edited May 23 '17 at 11:56

1

You solve it by making your application a packaged application which does support cross domain calls. Hosted applications do not.

You may also want to read Cross-Origin XMLHttpRequest in chrome extensions

edited May 23 '17 at 11:56

Community

1
1

answered Mar 23 '12 at 09:03

Marius Kjeldahl

6,830
3
33
37

Hi Marius, I have packed my extension into a .crx file, but I don't know how to load it into Chrome. It seems there is only "Load unpacked extension" option in the Chrome extension page. – chaohuang Mar 25 '12 at 03:54
@chaohuang just drag and drop it onto chrome, and it will install. It does not make any difference, though, if it's a crx rather than an unpacked extension. What Marius meant is that if your extension is an hosted app you will not get cross-domain requests, but it does not seem it's your case. – Stefano Mar 25 '12 at 16:43
I think just trying to open the crx file (File -> Open File) will install it, but drag and drop should work as well as Stefano says. – Marius Kjeldahl Mar 28 '12 at 13:24

Error in Chrome: "Origin file:// is not allowed by Access-Control-Allow-Origin"

2 Answers2