I'm trying to manually set an origin in an ajax request header. In my background.js, I have this
var ajaxResponse;
$.ajax({
type:'POST',
url:'www.somewebsite/login/login.asp',
headers:{
'origin': ''
},
success: function(response){
ajaxResponse = response;
}
});
As you can see, the origin is changed. But when this Chrome extension get executed, the origin gets override to chrome-extension://iphajdjhoofhlpldiilkujgommcolacc and the console gives error 'Refused to set unsafe header "origin"'
I've followed Chrome API (.html), and already set the permission as follows
"permissions": [
"/*"
],
Does anyone know how to properly set the origin in header? Thanks!
I'm trying to manually set an origin in an ajax request header. In my background.js, I have this
var ajaxResponse;
$.ajax({
type:'POST',
url:'www.somewebsite./login/login.asp',
headers:{
'origin': 'https://www.somewebsite.'
},
success: function(response){
ajaxResponse = response;
}
});
As you can see, the origin is changed. But when this Chrome extension get executed, the origin gets override to chrome-extension://iphajdjhoofhlpldiilkujgommcolacc and the console gives error 'Refused to set unsafe header "origin"'
I've followed Chrome API (http://developer.chrome./extensions/xhr.html), and already set the permission as follows
"permissions": [
"https://www.somewebsite./*"
],
Does anyone know how to properly set the origin in header? Thanks!
Share Improve this question edited Jan 1, 2014 at 0:57 Maria asked Jan 1, 2014 at 0:49 MariaMaria 3,5357 gold badges35 silver badges49 bronze badges 3- You can't. Why are you trying to change the origin? – abraham Commented Jan 1, 2014 at 3:41
- @abraham, we should be able to. In Chrome Extension API it says 'Regular web pages can use the XMLHttpRequest object to send and receive data from remote servers, but they're limited by the same origin policy. Extensions aren't so limited. An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.' (developer.chrome./extensions/xhr.html) – Maria Commented Jan 1, 2014 at 13:27
- That is correct that extensions are not restricted to by cross-origin but you don't do that by changing the origin. You just make the XHR request and Chrome won't block it. – abraham Commented Jan 1, 2014 at 16:12
1 Answer
Reset to default 6You probably misinterpreted the docs:
the extension can request access to remote servers outside of its origin
This means that the extension can send the request to the remote servers (i.e. the browser itself will not block the request as would happen with a normal web-page's JS).
This does not mean that the extension will be allowed to send arbitrary headers along with the request nor that the remote server will respond to the request.
So, if the remote server, requires a specific value for the Origin header, then there is nothing you can do, since according to the specs you are not allowed to set the Origin header (and this limitation also holds for extensions).