stackoom
  简体   繁体   中英

Meaning of “Chrome-extension is not allowed by Access-Control-Allow-Origin”?

 原文  2011-12-07 13:57:59       html/ json/ google-chrome

Question

Its my first time developing Google Chrome Extentions, my goal is to retrieve a URL from a REST service that i host on my local machine, and display it on a popup...this is the code im using : 

<style>
body {
    min-width:357px;
    overflow-x:hidden;
}
</style>

<script>
var req = new XMLHttpRequest();
req.open(
    "GET",
    "http://URLTORESTSERVICE/Items",
    true);
req.onload = showWorklistItems;
req.send(null);

function showWorklistItems() {
    var worklistitems = req.responseXML.getElementsByTagName("WorklistItem");
    for (var i = 0, wli; wli = worklistitems[i]; i++) {
    var link = document.createElement('a');
    link.setAttribute('href', constructWLIURL(wli));
    document.body.appendChild(link);
  }
}

function constructWLIURL(wli) {
    return "testing" + wli.getAttribute("SerialNumber");
}
</script>

But I get this error when i execute: 

XMLHttpRequest cannot load http://URLTORESTSERVICE/Items. Origin chrome-extension://caioejefhikijgcaondigdaaobomailk is not allowed by Access-Control-Allow-Origin.

2 answers

solution1
 3  2011-12-07 16:52:09

You're hitting CORS or "cross-origin resource sharing". http://enable-cors.org/ is a good resource on the subject. Its caused by your request not originating on the same domain as the data service.

In order for you to use the data in an ajax request from another domain, you'll want to ask the data provider to add a CORS header similar to the following to their http response. (Note: JSONP while dangerous, works around this issue.) 

Access-Control-Allow-Origin: *

EDIT: I see you are the data provider - output that header and you'll be set.

solution2
 0  2011-12-07 16:49:22

Access-Control-Allow-Origin is a header sent (or not) by your server. Certain browsers (notably Chrome and Firefox) respect this header in respect of cross-domain requests. This means that unless the originating domain is listed in that header, the browser will refuse perform the request (or at least, fully).

You could alter your local server to set the header correctly, or perhaps you could alter chrome's settings somehow to stop treating what you are doing as a cross-domain request.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Origin is not allowed by Access-Control-Allow-Origin Catching 'Origin is not allowed by Access-Control-Allow-Origin' error Origin null is not allowed by Access-Control-Allow-Origin using not local files XmlHttpRequest cannot load ajax call [my url]. Origin [my domain] is not allowed by Access-Control-Allow-Origin Simple <script> tag - Origin null is not allowed by Access-Control-Allow-Origin Access-Control-Allow-Origin by same domain? No 'Access-Control-Allow-Origin' Error Codeigniter ajax No 'Access-Control-Allow-Origin' allowing ACCESS-CONTROL-ALLOW-ORIGIN on wampserver CORS 'Access-Control-Allow-Origin' Missing
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM