我需要提供哪些权限(如果有)我的Chrome扩展程序才能让它进行远程AJAX调用?
[英]What permissions (if any) I need to give my Chrome Extension to let it make remote AJAX calls?
问题描述
I've written a Chrome Extension for my library. 
我为我的图书馆编写了Chrome扩展程序。 It makes an AJAX call to api.library.edu (school's library). 它向api.library.edu (学校的图书馆)发出AJAX调用。
My extension uses jQuery and my code looks like this: 我的扩展使用jQuery,我的代码如下所示:
$.get("http://api.library.edu/?period=1month", function (data) {
// process data
});
When I load my Extension, it makes the AJAX call and I get data back. 当我加载我的扩展时,它进行AJAX调用,然后我恢复数据。
Right now I give absolutely no permissions to my extension ( permissions is [] ). 现在我完全没有权限扩展我的permissions ( permissions是[] )。
Is my extension going to work when I publish it? 我发布时我的扩展程序是否正常工作? Shouldn't it require special permissions to make AJAX calls with jQuery? 它不应该需要特殊权限来使用jQuery进行AJAX调用吗?
Thanks! 谢谢! I'm just making sure I wrote my extension correctly. 我只是确保我正确地写了我的扩展程序。
1 个解决方案
解决方案1
3 已采纳 2015-08-04 00:58:31
Your extension does not need any additional permissions to make AJAX calls from within the same origin. 您的扩展程序不需要任何其他权限即可在同一来源中进行AJAX调用。 However, if api.library.edu does not set the proper CORS headers, you may need to request cross-origin permission for that domain: 但是,如果api.library.edu未设置正确的CORS标头,您可能需要为该域请求跨域权限:
{
"name": "My extension",
...
"permissions": [
"http://api.library.edu/"
],
...
}
From Google's Docs: 来自Google的文档:
Each running extension exists within its own separate security origin.
...
By adding hosts or host match patterns (or both) to the permissions section of the manifest file, the extension can request access to remote servers outside of its origin.
If your extension is already working though, that would lead me to believe that the library API already has cross-domain headers set, and that you will not need any additional permissions. 如果您的扩展程序已经正常工作,那么这会让我相信库API已经设置了跨域标头,并且您不需要任何其他权限。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.