Chrome扩展程序将数据发布到Rails服务器跨域XMLHttpRequest
[英]Chrome Extension Post Data to Rails Server Cross-Origin XMLHttpRequest
问题描述
I'm currently trying to develop a chrome extension that can retrieve text from a https webpage to my server which only deals with http. 
我目前正在尝试开发一个chrome扩展程序,该扩展程序可以从https网页检索文本到我的仅处理http的服务器。 I've looked into this tutorial and this question . 我已经研究了本教程和这个问题 。
From these, I deduced that in order for me to have cross-origin xhr working, I need to 从这些推论中,我得出结论,为了使跨源xhr工作,我需要
- set manifest permissions to include the urls that I am targetting 设置清单权限以包括我要定位的网址
For this, my permissions look like the following: 为此,我的权限如下所示:
"permissions": [
"tabs", "<all_urls>"
]
I had specific urls typed in but had to take them out after I've packed mine and change mine to be "< all_urls >". 我输入了特定的URL,但是在打包完我的并将我的URL更改为“ <all_urls>”之后,必须将其取出。
- create a XMLHttpRequest to the designated url 创建一个XMLHttpRequest到指定的URL
For this, excerpt of my code look like this: 为此,我的代码节选如下:
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
document.getElementById("response").innerText = xhr.responseText;
console.log(xhr.responseText);
}
};
xhr.open("POST", MY_SERVER_URL, true);
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.send(message.toString());
MY_SERVER_URL is a valid url that I've checked over and over but for many reasons I am unable to specify with this question ;( MY_SERVER_URL是我已经一遍又一遍检查的有效URL,但是由于许多原因,我无法使用此问题指定;(
message is an array that holds a series of different messages that I would like to send to my server. message是一个数组,其中包含一系列我想发送到服务器的不同消息。
- pack my extension code and install it 打包我的扩展代码并安装
Following the packaging guide from google, I have pacakged my folder into a .crx file and drag-dropped it into my chrome://extensions page for installation. 按照Google的打包指南 ,我已经将文件夹打包为.crx文件,并将其拖放到chrome://extensions页面中进行安装。
- on my server, have
rack corsgem installed.在我的服务器上,安装了rack corsgem。
I have the following line in my Gemfile in the server: 我在服务器的Gemfile中有以下行:
gem 'rack-cors', :require => 'rack/cors'
Yet, I still get the following error message when I try to send data to my server 但是,当我尝试将数据发送到服务器时,仍然收到以下错误消息
Mixed Content: The page at MESSAGE_PARSING_URL was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint MY_SERVER_URL. This request has been blocked; the content must be served over HTTPS.
What could I be doing wrong? 我可能做错了什么? I would really appreciate any help. 我真的很感谢您的帮助。 Thanks :D 感谢:D
2 个解决方案
解决方案1
2 2016-01-18 11:12:39
If you're making an insecure (http) request from a content script of a secured page (https), then you'll get Mixed Content error. 如果您从安全页面(https)的内容脚本发出不安全(http)请求,则会收到“ Mixed Content错误。
You have 3 options to solve the problem: 您有3种解决方案:
- Make secure requests from the content script to your server 从内容脚本向服务器发出安全请求
- Still use the insecure requests, but make them from the background script. 仍然使用不安全的请求,但是从后台脚本发出请求。 And pass the result to your content script using message passing 并使用消息传递将结果传递到您的内容脚本
- Start chrome with
--allow-running-insecure-contentflag.使用--allow-running-insecure-content标志启动chrome。 But it's not a practical solution, useful only for development (when your staging is on http).但这不是一个实用的解决方案,仅对开发有用(当您的暂存器位于http上时)。
解决方案2
0 2016-01-19 08:43:31
You should apply a certificate for your server and use https instead. 您应该为服务器应用证书,并使用https代替。 According to W3C Recommendation for Cross-Origin Resource Sharing : 根据W3C关于跨域资源共享的建议 :
- The origin of the resource blacklisted.
- The origin of the resource is known to be part of an intranet.
- The URL <scheme> is not supported.
- https to http is not allowed.
- https is not allowed because of certificate errors
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.