
Making ajax request from Chrome app with sandbox

I try to make an ajax call from my sandboxed page in my Chrome app, but I get this error:

XMLHttpRequest cannot load https://myserver.com/test. The 'Access-Control-Allow-Origin' header has a value 'https://myserver.com' that is not equal to the supplied origin. Origin 'null' is therefore not allowed access.

It seems that cross-domain access is not allowed, but in a sandboxed app it should be. Where is the mistake?

Manifest.json:

{
    "name": "app",
    "description": "app",
    "version": "0.1",
    "manifest_version": 2,
    "permissions": [
        "http://*/*",
        "https://*/*",
        "unlimitedStorage",
        "contextMenus",
        "cookies",
        "tabs",
        "notifications",
        "storage"
    ],
    "sandbox": {
        "pages": [
            "index.html"
        ]
    },
    "app": {
        "background": {
            "scripts": [
                "src/background.js"
            ]
        }
    },
    "icons": {
        "16": "img/favicon.png",
        "128": "img/favicon.png"
    }
}

container.html:

<!DOCTYPE html>
<html>
<body>
    <iframe sandbox="allow-same-origin allow-scripts allow-popups allow-forms allow-pointer-lock allow-top-navigation" src="index.html" id="MdwSandBox1" width="800px" height="800px"></iframe>
</body>
</html>

background.js:

chrome.app.runtime.onLaunched.addListener(function() {
  chrome.app.window.create('container.html', {
    'bounds': {
      'width': 800,
      'height': 800
    }
  });
});

According to the docs:

A sandboxed page is not subject to the Content Security Policy (CSP) used by the rest of the app or extension (it has its own separate CSP value). This means that, for example, it can use inline script and eval.

However:

If not specified, the default content_security_policy value is sandbox allow-scripts allow-forms. You can specify your CSP value to restrict the sandbox even further, but it must have the sandbox directive and may not have the allow-same-origin token (see the HTML5 specification for possible sandbox tokens).

So you can't make this API call.

You can, however, make an API call from the app and pass the result to the iframe using postMessage. The second way is to add required headers to your back-end, if you can control it.
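The postMessage bridge described in the answer, written out as an added example (it is not code from the question or the answer). The shape of the messages, the names `validateRequest`, `buildResponse`, `installBridge`, `sendApiRequest` and `ALLOWED_URL_PREFIXES`, and the use of `https://myserver.com/` from the error message are all assumptions. Two details matter for security here. First, because the sandboxed page has an opaque origin, `event.origin` is the string `'null'` on the privileged side and cannot authenticate the sender; the bridge compares `event.source` against the iframe's `contentWindow` instead, and must pass `'*'` as `targetOrigin` when replying, since an opaque origin cannot be named. Second, the sandboxed page is the part of the app allowed to run inline script and `eval`, so the bridge only forwards requests to an allowlist of URL prefixes; otherwise the app's `http://*/*` host permission becomes an open proxy for whatever runs in the sandbox. The script is meant to be loaded by both container.html and index.html as a separate file (the app page's CSP forbids inline script), and the last lines pick the role from whether the page is the top window. On the answer's second option, note that echoing `Access-Control-Allow-Origin: null` from the back-end is discouraged, since every sandboxed or opaque-origin document presents that same origin.

```javascript
// Added example, not from the original question or answer. Hypothetical names
// throughout; the URL https://myserver.com/ comes from the question's error.
const REQUEST_TYPE = 'api-request';
const RESPONSE_TYPE = 'api-response';

// The privileged page forwards requests only to these back ends. The trailing
// slash matters: 'https://myserver.com.evil.example/' does not match.
const ALLOWED_URL_PREFIXES = ['https://myserver.com/'];
const ALLOWED_METHODS = ['GET', 'POST', 'PUT', 'DELETE'];

// Validate a request message from the (untrusted) sandboxed frame.
function validateRequest(msg, allowedPrefixes) {
  if (!msg || typeof msg !== 'object') return { ok: false, error: 'not an object' };
  if (msg.type !== REQUEST_TYPE) return { ok: false, error: 'wrong type' };
  if (typeof msg.id !== 'string' || msg.id === '') return { ok: false, error: 'missing id' };
  if (typeof msg.url !== 'string') return { ok: false, error: 'missing url' };
  const method = (msg.method || 'GET').toUpperCase();
  if (!ALLOWED_METHODS.includes(method)) return { ok: false, error: 'method not allowed' };
  let parsed;
  try { parsed = new URL(msg.url); } catch (e) { return { ok: false, error: 'bad url' }; }
  // Match on the normalized href so tricks like 'HTTPS://' or '..' do not slip past.
  if (!allowedPrefixes.some((p) => parsed.href.startsWith(p))) return { ok: false, error: 'url not allowed' };
  return { ok: true, method, url: parsed.href, body: msg.body };
}

// Shape the reply sent back into the sandbox.
function buildResponse(id, result) {
  return { type: RESPONSE_TYPE, id, ...result };
}

// Privileged side (container.html). fetchImpl is injected so the logic can be
// exercised without a network; in the app it is window.fetch.
function installBridge(frameEl, fetchImpl, allowedPrefixes) {
  window.addEventListener('message', (event) => {
    // event.origin is 'null' for the sandboxed frame, so authenticate by source.
    if (event.source !== frameEl.contentWindow) return;
    const id = event.data && event.data.id;
    // targetOrigin must be '*': an opaque origin cannot be named.
    const reply = (result) => frameEl.contentWindow.postMessage(buildResponse(id, result), '*');
    const check = validateRequest(event.data, allowedPrefixes);
    if (!check.ok) { reply({ error: check.error }); return; }
    fetchImpl(check.url, { method: check.method, body: check.body })
      .then((r) => r.text().then((text) => reply({ status: r.status, body: text })))
      .catch((err) => reply({ error: String(err) }));
  });
}

// Sandboxed side (index.html): ask the parent to perform the request and wait
// for the reply that carries the same id.
function sendApiRequest(url, options) {
  return new Promise((resolve) => {
    const id = String(Date.now()) + Math.random().toString(16).slice(2);
    const onMessage = (event) => {
      if (event.source !== window.parent) return; // accept replies from the embedder only
      if (!event.data || event.data.type !== RESPONSE_TYPE || event.data.id !== id) return;
      window.removeEventListener('message', onMessage);
      resolve(event.data);
    };
    window.addEventListener('message', onMessage);
    window.parent.postMessage({ type: REQUEST_TYPE, id, url, ...(options || {}) }, '*');
  });
}

// Role selection when loaded in a browser: iframe page vs. app container page.
if (typeof window !== 'undefined' && window.parent !== window) {
  sendApiRequest('https://myserver.com/test', { method: 'GET' }).then((res) => console.log(res));
} else if (typeof window !== 'undefined' && typeof document !== 'undefined') {
  const frame = document.getElementById('MdwSandBox1');
  if (frame) installBridge(frame, window.fetch.bind(window), ALLOWED_URL_PREFIXES);
}
```

The request id is only a correlation token, not a secret: the sender check on `event.source` is what keeps another frame from injecting replies. If the app later adds more sandboxed pages, each needs its own bridge instance keyed on its own `contentWindow`.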
