
What are the limitations on AJAX requests in Chrome Apps?

I am planning a Chrome App project where I will be performing numerous AJAX calls. Before settling on Chrome Apps as the platform of choice, I would like to have a better understanding of its limitations and advantages regarding AJAX calls compared to web apps. Having conducted some research, I came up with the answers below. Since I have limited experience in this area, I would like to know if my findings are correct and if there are other limitations that should be considered.

1. Origin

Limitations regarding origins are more flexible for Chrome Apps than for web apps: The same-origin policy related to AJAX requests can be relaxed in the app's manifest by requesting cross-origin permissions. Therefore, there is no need for techniques like Cross-Origin Resource Sharing (CORS) and JSONP (which is in fact prohibited by the Content Security Policy (CSP)).

2. Content

Limitations regarding accessible content are more severe: Chrome Apps can only refer to scripts, stylesheets, images, frames, plugins and fonts within the app, but media resources (video, audio, and associated text tracks) can be loaded from any external resource. The 'connect-src' directive is set to allow for loading any URI, so given cross-origin permissions or using CORS, one can make AJAX calls to all hosts and receive text and media type responses. Other content types can be served as blobs. The CSP cannot be relaxed.

(A peculiarity I found: As stated, CSP forbids loading several content types, therefore one has to load them as blobs via AJAX requests. As a result of the same-origin policy, this would have to be done via CORS. Most servers don't have CORS enabled, even if their content is public. Therefore, if Chrome Apps enforced 'Access-Control-Allow-Origin' (ACAO) response headers at all times, the CORS approach would fail in a lot of cases. The solution to this problem is cross-origin permissions: If a permission was given to access a server, even if no appropriate ACAO header is received, the request is let through. But one can rely on CORS alone too: If no cross-origin permission is granted, but the request is made to a server with wildcard ACAO settings, it is also let through.)

Two additional things to note:

  • Some documentation of Chrome Apps refers to extensions instead of apps. In these cases I assume that the information provided there is correct for apps too.
  • Synchronous XHR requests are disabled.

Unfortunately, you'll just have to test this all out. I've found the Google docs (especially with Chrome apps) to be very lacking and frequently wrong. Going through the docs, it appears they wrote them for extensions, copied all the docs over and then when they encountered a difference, they changed the docs but did not cover everything.

As for accessing external sources, follow these "instructions": http://developer.chrome.com/apps/app_external.html#external

And if you find an issue, report it BOTH here and https://code.google.com/p/chromium/issues/list
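
The rules described in the question (a matching host permission in the manifest lets the request through regardless of ACAO; without one, the server's CORS header decides) can be written as a small model to compare against what the app actually does when tested. This is an added example, not code from the post or from Chrome: the function names, sample permissions and placeholder app origin are constructed, and the decision logic follows the question's description rather than verified Chrome behaviour.

```javascript
// Added example: models the rules described in the question; not Chrome's code.
// Compile a manifest match pattern (e.g. "https://*.example.com/*") to a predicate.
function compileMatchPattern(pattern) {
  if (pattern === "<all_urls>") {
    return (url) => /^(https?|ftp|file):$/.test(new URL(url).protocol);
  }
  const m = /^(\*|https?|ftp):\/\/(\*|\*\.[^/*]+|[^/*]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error("invalid match pattern: " + pattern);
  const [, scheme, host, path] = m;
  // Escape regex metacharacters in the path, then turn each "*" into ".*".
  const pathRe = new RegExp(
    "^" + path.replace(/[.+?^${}()|[\]\\]/g, "\\$&").replace(/\*/g, ".*") + "$");
  return (url) => {
    const u = new URL(url);
    const proto = u.protocol.slice(0, -1);
    const schemeOk = scheme === "*" ? /^https?$/.test(proto) : proto === scheme;
    // "*.example.com" covers example.com and its subdomains, nothing else.
    const hostOk = host === "*" || (host.startsWith("*.")
      ? u.hostname === host.slice(2) || u.hostname.endsWith(host.slice(1))
      : u.hostname === host);
    return schemeOk && hostOk && pathRe.test(u.pathname + u.search);
  };
}

// Can the app's script read this cross-origin XHR response?
// permissions: manifest "permissions" array; acao: the response's
// Access-Control-Allow-Origin value, or null when the server sent none.
function xhrResponseReadable(permissions, appOrigin, url, acao) {
  const granted = permissions
    .filter((p) => p === "<all_urls>" || p.includes("://")) // skip API permissions
    .some((p) => compileMatchPattern(p)(url));
  if (granted) return { allowed: true, via: "manifest permission" };
  if (acao === "*" || acao === appOrigin) return { allowed: true, via: "CORS" };
  return { allowed: false, via: null };
}

// Constructed sample data (hypothetical manifest entries and app origin).
const SAMPLE_PERMISSIONS = ["storage", "https://*.example.com/*"];
const SAMPLE_ORIGIN = "chrome-extension://<app-id-placeholder>";
```

Note that a suffix such as `example.com.evil.test` does not satisfy `*.example.com`; the wildcard only extends to the left of the named host.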
