Re: [crx] Cross domain only works with --disable-web-security

2,358 views
Skip to first unread message
Message has been deleted

Joe Marini

unread,
Nov 13, 2012, 8:15:36 PM11/13/12
to Eric, Chromium-extensions
Sounds like it might be a cross-origin permission problem. Have you looked at http://developer.chrome.com/extensions/xhr.html ?



On Tue, Nov 13, 2012 at 5:12 AM, Eric <e...@ericwolfe.me> wrote:
I posted over at Stack Overflow but I didn't get any responses http://stackoverflow.com/questions/13343744/disable-web-security-in-chrome-for-cross-domain-scripting

I have a content script "main.js" that has an XMLHttpRequest to an outside domain. The callback returns null, UNLESS I run Chrome with the flag --disable-web-security in which case the XMLHttpRequest returns fine with the expected data. 

Here is my main.js file and manifest.json file
http://pastebin.com/4v4CQGNK

How do I get this to work without using the --disable-web-security flag?

--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/-/y-OvDPprvJMJ.
To post to this group, send email to chromium-...@chromium.org.
To unsubscribe from this group, send email to chromium-extens...@chromium.org.
For more options, visit this group at http://groups.google.com/a/chromium.org/group/chromium-extensions/?hl=en.



--
Joe Marini
Developer Advocate / Chrome


Message has been deleted

Antony Sargent

unread,
Nov 27, 2012, 2:37:00 PM11/27/12
to Eric, chromium-...@chromium.org
Can you start by creating a new extension with this sample code and see if that works?

http://src.chromium.org/viewvc/chrome/trunk/src/chrome/common/extensions/docs/examples/howto/contentscript_xhr/

If it does, maybe you can use binary search from that example to your code to see what's going on.



On Tue, Nov 13, 2012 at 5:36 PM, Eric <e...@ericwolfe.me> wrote:
That page mentions:

By adding hosts or host match patterns (or both) to the permissions section of the manifest file, the extension can request access to remote servers outside of its origin.

And gives the following sample code:

"permissions": [ "http://www.google.com/" ],

Which I've already implemented though, and it still isn't working! :/ 

On Tuesday, November 13, 2012 5:15:51 PM UTC-8, Joe Marini wrote:
Sounds like it might be a cross-origin permission problem. Have you looked at http://developer.chrome.com/extensions/xhr.html ?

On Tue, Nov 13, 2012 at 5:12 AM, Eric <e...@ericwolfe.me> wrote:
I posted over at Stack Overflow but I didn't get any responses http://stackoverflow.com/questions/13343744/disable-web-security-in-chrome-for-cross-domain-scripting

I have a content script "main.js" that has an XMLHttpRequest to an outside domain. The callback returns null, UNLESS I run Chrome with the flag --disable-web-security in which case the XMLHttpRequest returns fine with the expected data. 

Here is my main.js file and manifest.json file
http://pastebin.com/4v4CQGNK

How do I get this to work without using the --disable-web-security flag?

--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/-/y-OvDPprvJMJ.
To post to this group, send email to chromium-...@chromium.org.

To unsubscribe from this group, send email to chromium-extensions+unsub...@chromium.org.



--
Joe Marini
Developer Advocate / Chrome


--
You received this message because you are subscribed to the Google Groups "Chromium-extensions" group.
Reply all
Reply to author
Forward
0 new messages