CORS problem wit chrome extensions

[Alex Wolkov]

Hi, I'm having a problem with chrome extensions and CORS.

For some reason, when I perform  a $http.get in a chrome extension page (I open it through) chrome-extension://id/index.html

Everything is fine, and I get the requested page

however, when I run the same page inside an iframe on my page, eg <iframe src="chrome-extension://id/index.html"> the same code fails!

When debugging it seem that somehow on that page, angular decides that my $http should be CORS and sends an OPTION request before.

My server does not support CORS and I don't need to as in my chrome extension I don't have same-origin restrictions.

So 2 questions arise : 

1) What makes angular default to CORS in one of the situations?

2) How can I turn off CORS and sending the OPTION header programmatically?  (google didn't help, found all kinds of obsolete stuff like $http.defaults and other non supported crap)

[Lee Whitney]

Angular has nothing to do with it.

All browsers require either CORS or JSONP for making any REST request to a different domain.  It's been this way for years.

Since you're not using JSONP, Chrome automatically uses CORS.

The best solution is to have your server support CORS.

All this assumes your "GET" is to different domain than your page.

[Lee Whitney]

Forgot to say the reason it works in your Chrome extension is that the Same Origin Policy is not required in extension code.

[Alex Wolkov]

Hey Lee, thanx for the answer.

I know (and in fact mentioned it) that in the chrome extension proccess I don't have cross origin policies, this is actually what the thread is about.

I think angular does have something to do with it, as when I replace $http.get() with $.get() by jQuery it works totally fine, OPTIONS doesn't get sent and everything is ok.

[Lee Whitney]

Interesting.  At the bottom they are both calling XmlHttpRequest.

One quick test would be to set a break point on XmlHttpRequest in Angular and also on XmlHttpRequest in JQuery, and see if the arguments used are different...

---

Date: Thu, 31 Jan 2013 00:57:21 -0800
From: alt...@gmail.com
To: ang...@googlegroups.com
Subject: [AngularJS] Re: CORS problem wit chrome extensions

--
You received this message because you are subscribed to the Google Groups "AngularJS" group.
To unsubscribe from this group and stop receiving emails from it, send an email to angular+u...@googlegroups.com.
To post to this group, send email to ang...@googlegroups.com.
Visit this group at http://groups.google.com/group/angular?hl=en-US.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[coco_k]

this is not related to cors because cors is a server side solution..when you use $.get you're using jsonp then your response is something like this

function({"xx" : 10, "qq" : 12})

instead of:

{"xx" : 10, "qq" : 12}

using that callback did the trick for "jump" the same origin p...


reading the api you can see this:

 $http service is a core Angular service that facilitates communication with the remote HTTP servers via browser's XMLHttpRequest object or via JSONP.

so..I suppose (not sure because I've not try it) than you need use jsonp instead xmlhttprequest which is the default...


http://docs.angularjs.org/api/ng.$http ...