[英]Chrome Extension Post Data to Rails Server Cross-Origin XMLHttpRequest
I'm currently trying to develop a chrome extension that can retrieve text from a https webpage to my server which only deals with http. 我目前正在尝试开发一个chrome扩展程序,该扩展程序可以从https网页检索文本到我的仅处理http的服务器。 I've looked into this tutorial and this question . 我已经研究了本教程和这个问题 。
From these, I deduced that in order for me to have cross-origin xhr working, I need to 从这些推论中,我得出结论,为了使跨源xhr工作,我需要
For this, my permissions look like the following: 为此,我的权限如下所示:
"permissions": [
"tabs", "<all_urls>"
]
I had specific urls typed in but had to take them out after I've packed mine and change mine to be "< all_urls >". 我输入了特定的URL,但是在打包完我的并将我的URL更改为“ <all_urls>”之后,必须将其取出。
For this, excerpt of my code look like this: 为此,我的代码节选如下:
var xhr = new XMLHttpRequest();
xhr.onreadystatechange = function() {
if (xhr.readyState == 4 && xhr.status == 200) {
document.getElementById("response").innerText = xhr.responseText;
console.log(xhr.responseText);
}
};
xhr.open("POST", MY_SERVER_URL, true);
xhr.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
xhr.send(message.toString());
MY_SERVER_URL is a valid url that I've checked over and over but for many reasons I am unable to specify with this question ;( MY_SERVER_URL是我已经一遍又一遍检查的有效URL,但是由于许多原因,我无法使用此问题指定;(
message is an array that holds a series of different messages that I would like to send to my server. message是一个数组,其中包含一系列我想发送到服务器的不同消息。
Following the packaging guide from google, I have pacakged my folder into a .crx file and drag-dropped it into my chrome://extensions
page for installation. 按照Google的打包指南 ,我已经将文件夹打包为.crx文件,并将其拖放到chrome://extensions
页面中进行安装。
rack cors
gem installed. 在我的服务器上,安装了rack cors
gem。 I have the following line in my Gemfile in the server: 我在服务器的Gemfile中有以下行:
gem 'rack-cors', :require => 'rack/cors'
Yet, I still get the following error message when I try to send data to my server 但是,当我尝试将数据发送到服务器时,仍然收到以下错误消息
Mixed Content: The page at MESSAGE_PARSING_URL was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint MY_SERVER_URL. This request has been blocked; the content must be served over HTTPS.
What could I be doing wrong? 我可能做错了什么? I would really appreciate any help. 我真的很感谢您的帮助。 Thanks :D 感谢:D
If you're making an insecure (http) request from a content script of a secured page (https), then you'll get Mixed Content
error. 如果您从安全页面(https)的内容脚本发出不安全(http)请求,则会收到“ Mixed Content
错误。
You have 3 options to solve the problem: 您有3种解决方案:
--allow-running-insecure-content
flag. 使用--allow-running-insecure-content
标志启动chrome。 But it's not a practical solution, useful only for development (when your staging is on http). 但这不是一个实用的解决方案,仅对开发有用(当您的暂存器位于http上时)。 You should apply a certificate for your server and use https instead. 您应该为服务器应用证书,并使用https代替。 According to W3C Recommendation for Cross-Origin Resource Sharing : 根据W3C关于跨域资源共享的建议 :
- The origin of the resource blacklisted. 资源的来源已列入黑名单。
- The origin of the resource is known to be part of an intranet. 已知资源的来源是Intranet的一部分。
- The URL <scheme> is not supported. 不支持URL <方案>。
- https to http is not allowed. 不允许https到http。
- https is not allowed because of certificate errors 由于证书错误,不允许使用https
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.