According to chrome extensions API cross-origin calls using XMLHttpRequest object should be allowed if permissions are set:
An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.
I am closely following the Google tutorial, but the code below is giving me an error message:
XMLHttpRequest cannot load http://www.google.com/search?hl=en&q=ajax. Origin chrome-extension://bmehmboknpnjgjbmiaoidkkjfcgiimbo is not allowed by Access-Control-Allow-Origin.
I not only allowed requests to google.com, but requests to any website still can’t get through. Can anybody help?
My manifest file:
{ "name": "The popup", "version": "0.1", "popup": "popup.html", "permissions": [ "http://*/*", "https://*/*", "https://www.google.com/*", "http://www.google.com/*" ], "browser_action": { "default_icon": "clock-19.png", "default_title": "This is title", "default_popup": "popup.html" }}the actual call:
function sendRequest() { document.write("Sending request"); var req = new XMLHttpRequest(); req.open("GET", "http://www.google.com/search?hl=en&q=ajax", true); req.onreadystatechange = function() { if (req.readyState == 4) { if (req.status == 200) { alert(req.responseText); document.write("OK"); } } }; req.send();} Advertisement
Answer
Two things; you need to make sure you are making a packaged app/extension and not a hosted one. Cross origin requests will not work with hosted apps. Assuming you got that part pinned down, you may want to try to put the following into your permissions: http://*/ . That’s the only one I have for one of my packaged apps, and it does cross origin stuff without any problems.