堆栈内存溢出
  简体   繁体   English

Chrome扩展程序:如何更改AJAX请求标头中的来源?

[英]Chrome Extension: how to change origin in AJAX request header?

 原文  2014-01-01 00:49:09       javascript/ ajax/ google-chrome-extension/ cross-domain/ same-origin-policy

问题描述

I'm trying to manually set an origin in an ajax request header. 我正在尝试在ajax请求标头中手动设置原点。 In my background.js, I have this 在我的background.js中,我有这个 

var ajaxResponse;
$.ajax({
    type:'POST',
    url:'www.somewebsite.com/login/login.asp',
    headers:{
            'origin': 'https://www.somewebsite.com'
    },
    success: function(response){
        ajaxResponse = response;
    }
});

As you can see, the origin is changed. 如您所见,原点已更改。 But when this Chrome extension get executed, the origin gets override to chrome-extension://iphajdjhoofhlpldiilkujgommcolacc and the console gives error 'Refused to set unsafe header "origin"' 但是当Chrome扩展程序执行时,原点会覆盖chrome-extension://iphajdjhoofhlpldiilkujgommcolacc并且控制台会出现错误“拒绝设置不安全标头”来源“'

I've followed Chrome API ( http://developer.chrome.com/extensions/xhr.html ), and already set the permission as follows 我已经关注Chrome API( http://developer.chrome.com/extensions/xhr.html ),并且已经设置了如下权限 

"permissions": [
     "https://www.somewebsite.com/*"
 ],

Does anyone know how to properly set the origin in header? 有谁知道如何在标题中正确设置原点? Thanks! 谢谢!

1 个解决方案

解决方案1
 6 已采纳  2014-01-01 16:17:23

You probably misinterpreted the docs : 你可能误解了文档
the extension can request access to remote servers outside of its origin 扩展可以请求访问其原始之外的远程服务器

This means that the extension can send the request to the remote servers (ie the browser itself will not block the request as would happen with a normal web-page's JS). 这意味着扩展可以将请求发送到远程服务器(即浏览器本身不会像普通网页的JS那样阻止请求)。
This does not mean that the extension will be allowed to send arbitrary headers along with the request nor that the remote server will respond to the request. 并不意味着扩展将被允许伴随该请求,也没有远程服务器响应请求发送任意的头。

So, if the remote server, requires a specific value for the Origin header, then there is nothing you can do, since according to the specs you are not allowed to set the Origin header (and this limitation also holds for extensions). 因此,如果远程服务器需要Origin标头的特定值,那么您无能为力,因为根据规范,您不允许设置Origin标头(此限制也适用于扩展)。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 没有Origin标头的Chrome扩展AJAX请求 - Chrome extension AJAX request without Origin header 未发送CORS请求的Microsoft Edge浏览器扩展ajax源头 - Microsoft Edge Browser Extension ajax for CORS request Origin Header not sent Chrome扩展程序中的Ajax请求 - Ajax request in Chrome extension 从Chrome扩展程序发送发布请求(来源?) - Sending Post Request from Chrome Extension (Origin?) Chrome将Origin标头添加到同源请求中 - Chrome adding Origin header to same-origin request 如何设置Origin Request Header - How to set the Origin Request Header Chrome扩展程序:如何修改从网页中的Ajax请求创建的元素? - Chrome extension: How to modify elements created from an Ajax request in a webpage? 如何在 Google Chrome 扩展程序中发送 ajax 请求? - How do I send an ajax request in a Google Chrome Extension? 在 chrome 扩展中使用 fetch 发送 null origin header - Using fetch in chrome extension sends null origin header 如何在chrome扩展和Node服务器之间启用跨源AJAX请求? - How can I enable cross-origin AJAX requests between my chrome extension and my Node server?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM