Chrome extension AJAX request without Origin header

This is what an AJAX request made with jQuery from a Chrome extension looks like (print_r() in PHP):

Array
(
    [HTTP_HOST] => 127.0.0.1
    [HTTP_CONNECTION] => keep-alive
    [CONTENT_LENGTH] => 0
    [HTTP_ACCEPT] => */*
    [HTTP_ORIGIN] => chrome-extension://apdckddecfflophongckfbabbjhnjbph
    [HTTP_USER_AGENT] => Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/32.0.1700.123 Safari/537.36
..

How can I remove the Origin header from an AJAX request before it leaves the browser?

Just add the website to the permissions section of your manifest file (see match patterns for the valid formats). Then the request will be treated as if it was sent from the same origin as the website, and the "Origin" request header will not be added.

{
    ...
    "permissions": [
        "*://example.com/*"
    ]
}

(Without this permission, Chrome will still try to fetch the resource using CORS, causing the "Origin" header to be added. Such requests will only succeed if the server replies with an Access-Control-Allow-Origin header that is either a wildcard (*) or matches the requester's origin.)

The Origin header is added by the browser automatically, and can't be controlled by the user. It is a web principal which determines the origin of a piece of content from the URI. CORS also uses this header to determine if a cross-domain request should be accepted or rejected.

The Origin header is always added in cross-origin requests; some same-origin requests might include it as well. For example, Chrome and Safari will include the Origin header on same-origin POST/PUT/DELETE requests; it depends on the browser implementation.

Unfortunately, I think there is no way to remove this header.
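
The cases the answers above describe (no Origin header, Origin on a same-origin request, Origin on a CORS request), seen from the server side, as an added example that is not part of the original question or answers. `SELF_ORIGIN`, `ALLOWED_ORIGINS` and `classifyOrigin` are hypothetical names, and headers are assumed to arrive as an object with lower-cased names.

```javascript
// Added example: classify a request by its Origin header on the server side.
// SELF_ORIGIN and the allowlist contents are assumptions for illustration.
const SELF_ORIGIN = 'https://example.com';
const ALLOWED_ORIGINS = new Set([
  // Extension origin as it appears in the question's print_r() output.
  'chrome-extension://apdckddecfflophongckfbabbjhnjbph',
]);

// headers: plain object with lower-cased header names (assumption).
function classifyOrigin(headers) {
  const origin = headers['origin'];

  // Case 1: no Origin header. Per the first answer this is what an extension
  // with a matching host permission sends; a non-browser client looks the
  // same. CORS does not apply here, so access control has to come from
  // authentication, never from the header being absent.
  if (origin === undefined) {
    return { kind: 'no-origin', corsHeaders: {} };
  }
  // Case 2: Origin equals our own origin, e.g. a same-origin POST/PUT/DELETE
  // from Chrome or Safari (second answer). No CORS headers are needed.
  if (origin === SELF_ORIGIN) {
    return { kind: 'same-origin', corsHeaders: {} };
  }
  // Case 3: cross-origin. Compare the whole string exactly; prefix or
  // substring checks would accept look-alike origins.
  if (ALLOWED_ORIGINS.has(origin)) {
    return {
      kind: 'cross-origin-allowed',
      // Echo the specific origin rather than "*", and vary caches on it.
      corsHeaders: { 'Access-Control-Allow-Origin': origin, 'Vary': 'Origin' },
    };
  }
  // Unknown origin (including the literal "null"): send no
  // Access-Control-Allow-Origin, so the browser keeps the response from the caller.
  return { kind: 'cross-origin-denied', corsHeaders: { 'Vary': 'Origin' } };
}

// Constructed sample requests, one per case.
const samples = [
  {},
  { origin: 'https://example.com' },
  { origin: 'chrome-extension://apdckddecfflophongckfbabbjhnjbph' },
  { origin: 'chrome-extension://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' },
];
for (const h of samples) console.log(h.origin ?? '(none)', '->', classifyOrigin(h).kind);
```
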
