Access-Control-Allow-Origin不允许“Chrome扩展程序”的含义?
[英]Meaning of “Chrome-extension is not allowed by Access-Control-Allow-Origin”?
问题描述
Its my first time developing Google Chrome Extentions, my goal is to retrieve a URL from a REST service that i host on my local machine, and display it on a popup...this is the code im using : 
这是我第一次开发Google Chrome Extentions,我的目标是从我在本地计算机上托管的REST服务中检索URL,并在弹出窗口中显示...这是我使用的代码:
<style>
body {
min-width:357px;
overflow-x:hidden;
}
</style>
<script>
var req = new XMLHttpRequest();
req.open(
"GET",
"http://URLTORESTSERVICE/Items",
true);
req.onload = showWorklistItems;
req.send(null);
function showWorklistItems() {
var worklistitems = req.responseXML.getElementsByTagName("WorklistItem");
for (var i = 0, wli; wli = worklistitems[i]; i++) {
var link = document.createElement('a');
link.setAttribute('href', constructWLIURL(wli));
document.body.appendChild(link);
}
}
function constructWLIURL(wli) {
return "testing" + wli.getAttribute("SerialNumber");
}
</script>
But I get this error when i execute: 但是执行时出现此错误:
XMLHttpRequest cannot load http://URLTORESTSERVICE/Items. Origin chrome-extension://caioejefhikijgcaondigdaaobomailk is not allowed by Access-Control-Allow-Origin.
2 个解决方案
解决方案1
3 2011-12-07 16:52:09
You're hitting CORS or "cross-origin resource sharing". 你正在进行CORS或“跨域资源共享”。 http://enable-cors.org/ is a good resource on the subject. http://enable-cors.org/是一个很好的资源。 Its caused by your request not originating on the same domain as the data service. 它是由您的请求不是源自与数据服务相同的域引起的。
In order for you to use the data in an ajax request from another domain, you'll want to ask the data provider to add a CORS header similar to the following to their http response. 为了使您可以使用来自另一个域的ajax请求中的数据,您需要让数据提供者在其http响应中添加类似于以下内容的CORS标头。 (Note: JSONP while dangerous, works around this issue.) (注意:JSONP虽然很危险,但可以解决这个问题。)
Access-Control-Allow-Origin: *
EDIT: I see you are the data provider - output that header and you'll be set. 编辑:我看到你是数据提供者 - 输出标题,你将被设置。
解决方案2
0 2011-12-07 16:49:22
Access-Control-Allow-Origin is a header sent (or not) by your server. Access-Control-Allow-Origin是服务器发送(或不发送)的标头。 Certain browsers (notably Chrome and Firefox) respect this header in respect of cross-domain requests. 某些浏览器(尤其是Chrome和Firefox)会在跨域请求中使用此标头。 This means that unless the originating domain is listed in that header, the browser will refuse perform the request (or at least, fully). 这意味着除非在该标头中列出了原始域,否则浏览器将拒绝执行请求(或至少完全执行)。
You could alter your local server to set the header correctly, or perhaps you could alter chrome's settings somehow to stop treating what you are doing as a cross-domain request. 您可以更改本地服务器以正确设置标头,或者您可能以某种方式更改chrome的设置以停止将您正在执行的操作视为跨域请求。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.