[英]Chrome extension No 'Access-Control-Allow-Origin' header after 20 hours
I use chrome.identity.getAuthToken
to talk to some internal API. 我使用
chrome.identity.getAuthToken
与一些内部API进行通信。 Everything is perfect for the first 20 hours, I can call the API and get what I need. 前20个小时的一切都很完美,我可以调用API并获得我需要的东西。
After ~20 hours my extension stopped working and I get: 大约20个小时后,我的分机停止工作,我得到:
No 'Access-Control-Allow-Origin' header is present on the requested resource.
请求的资源上不存在“Access-Control-Allow-Origin”标头。 Origin ' https://MY_API ' is therefore not allowed access.
因此,不允许原点' https:// MY_API '访问。
I know that chrome.identity.getAuthToken
will renew expired tokens and I can see that at chrome://identity-internals/
, my code gets a new access token but cannot send the request. 我知道
chrome.identity.getAuthToken
将更新过期的令牌,我可以在chrome://identity-internals/
看到,我的代码获取了一个新的访问令牌但无法发送请求。
If I uninstall / install extension again then it's working again. 如果我再次卸载/安装扩展程序,那么它再次正常工作。
Manifest contains: 清单包含:
"permissions": [ "tabs", "activeTab", "cookies", "identity", "<all_urls>" ]
What happens when I re-install my extension that makes the bug go away? 当我重新安装我的扩展程序以使bug消失时会发生什么?
background.js: background.js:
chrome.identity.getAuthToken({interactive: true}, function(token) {
gapi.auth.setToken({'access_token': token});
// Load the storage API.
gapi.client.load(API_ROOT + DISCOVERY_PATH,
VERSION, function() {
// Initialize GAPI's OAuth.
gapi.auth.init(function() {
var request = "It's request to my API";
// Not working after 20 hours
request.execute(function(response) {
// do something
});
});
});
})
Also tried to call "chrome.identity.removeCachedAuthToken" but extension stopped working in 20 hours. 还尝试调用“chrome.identity.removeCachedAuthToken”,但扩展程序在20小时内停止工作。
on server " https://MY_API " set this settings: 在服务器“ https:// MY_API ”上设置此设置:
Header always append X-Frame-Options SAMEORIGIN
Header add Access-Control-Allow-Origin "*"
in .htaccess or httpd.conf (if server is httpd/apache) 在.htaccess或httpd.conf中(如果服务器是httpd / apache)
When you uninstall/reinstall the extension, its internal state is completely wiped; 卸载/重新安装扩展时,其内部状态完全被擦除; this makes your code get a completely fresh token, not refresh a previously-obtained one.
这使得您的代码获得了一个完全新鲜的令牌,而不是刷新以前获得的令牌。
As for Access-Control-Allow-Origin
header - this is a server-side response header, and we can only guess why this changes for some random 3rd-party API (that you didn't even name). 对于
Access-Control-Allow-Origin
标头 - 这是一个服务器端响应标头,我们只能猜测为什么这会改变一些随机的第三方API(你甚至没有命名)。 A reasonable guess is that you're hitting some rate-limiting or quota, though it's very strange to use CORS for that. 一个合理的猜测是你正在达到一些速率限制或配额,尽管使用CORS非常奇怪。
This particular error can be brushed aside permanently by requesting cross-origin permissions , which makes Chrome ignore CORS for requests from the extension (including content scripts). 通过请求跨源权限可以永久地将此特定错误放在一边,这使得Chrome忽略来自扩展(包括内容脚本)的请求的CORS。 However, you should double-check usage terms of the API, if any.
但是,您应该仔细检查API的使用条款(如果有)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.