尽管添加了正确的权限,但 Chrome 扩展中仍禁止 XHR?
我目前正在开发 Matlab API搜索我的开发者多功能框扩展,以及我遇到了一个奇怪的 XHR 问题(想知道 Chrome 最近是否发生了一些变化)。
当扩展尝试从 http://www.mathworks 获取 API 函数列表时。 com/help/techdoc/ref/funcalpha.html,XHR 失败并显示“Access-Control-Allow-Origin”。我过去在其他一些扩展中见过这种失败,但通常是由于忘记在清单中声明适当的权限而导致的。但是,我的清单在权限列表中包含“http://www.mathworks.com/”,所以我不明白为什么会失败。我看到有人提到内容脚本中不允许使用跨源 XHR,但这是包含在背景页面中的脚本,而不是内容脚本,所以我很困惑为什么会失败。
注意:我使用的是 Chrome 14(开发频道)。我很想知道这是最近在 Chrome 14 中出现的问题,但在早期版本的 Chrome 中运行良好,还是我只是在代码中做了一些愚蠢的事情。如果 Chrome 14 中出现问题,我们将不胜感激任何解决方法的建议。
清单:
{
"name":"Matlab API Search",
"description":"Adds support to the omnibox to search the Matlab API.",
"background_page":"background.html",
"icons":{"128":"icon128.png", "32":"icon32.png", "16":"icon16.png"},
"omnibox":{"keyword":"matlab"},
"permissions":[
"tabs",
"http://www.mathworks.com/"
],
"version":"1.0"
}
XHR 调用:
xhr("http://www.mathworks.com/help/techdoc/ref/funcalpha.html",
function(url, req) {
// ...
},
function(url, req) {
// ...
}).send(null);
其中 xhr 函数定义如下:
function xhr(url, ifexists, ifnotexists, retry_interval) {
var retry_time = retry_interval || 5;
var req = new XMLHttpRequest();
console.log("Fetching: " + url);
req.open("GET", url);
req.onreadystatechange=function(){
if (req.readyState == 4){
var status=req.status;
if ((status == 200) || (status == 301) || (status == 302)) {
ifexists(url, req);
} else {
ifnotexists(url, req);
setTimeout(function() { xhr(url, ifexists, ifnotexists, retry_time + 5).send(null); }, retry_time);
}
}
};
return req;
}
注意
我还尝试了以下权限:(
http://www.mathworks.com/*
http://*.mathworks.com/*
*://www.mathworks.com/*
*://*.mathworks.com/*
*://*
http://*/*
无论如何,我不想使用“所有网站上的所有数据”,但这似乎意味着我声明权限的方式不是问题,这就是为什么我非常困惑)。
版本
14.0.803.0(官方版本 90483)开发
更新
我已提交此 Chrome 错误,因为我认为这是实际上是 Chrome 中的一个错误。然而,如果这个问题没有得到解决,我真的很感激任何可以使这项工作发挥作用的解决方法。
I am currently working on a Matlab API Search addition to my developer omnibox extensions, and am running up against a weird XHR issue (wondering if perhaps something changed recently in Chrome).
When the extension attempts to fetch the API function list from http://www.mathworks.com/help/techdoc/ref/funcalpha.html, the XHR fails with "Access-Control-Allow-Origin". I have seen this failure in the past with some of my other extensions, but usually it was the result of forgetting to declare the proper permissions in the manifest. However, my manifest includes "http://www.mathworks.com/" in the permissions list, so I don't understand why this is failing. I've seen some mention of cross-origin XHR being disallowed in content scripts, but this is a script included in a background page, not a content-script, so I'm confused as to why this is failing.
NOTE: I am using Chrome 14 (dev channel). I'm curious to know if this is something that recently broke in Chrome 14 that works fine in earlier versions of Chrome, or if I'm just doing something stupid in my code. If it is broken in Chrome 14, any suggestions of a workaround would be greatly appreciated.
Manifest:
{
"name":"Matlab API Search",
"description":"Adds support to the omnibox to search the Matlab API.",
"background_page":"background.html",
"icons":{"128":"icon128.png", "32":"icon32.png", "16":"icon16.png"},
"omnibox":{"keyword":"matlab"},
"permissions":[
"tabs",
"http://www.mathworks.com/"
],
"version":"1.0"
}
XHR Call:
xhr("http://www.mathworks.com/help/techdoc/ref/funcalpha.html",
function(url, req) {
// ...
},
function(url, req) {
// ...
}).send(null);
Where the xhr function was defined as follows:
function xhr(url, ifexists, ifnotexists, retry_interval) {
var retry_time = retry_interval || 5;
var req = new XMLHttpRequest();
console.log("Fetching: " + url);
req.open("GET", url);
req.onreadystatechange=function(){
if (req.readyState == 4){
var status=req.status;
if ((status == 200) || (status == 301) || (status == 302)) {
ifexists(url, req);
} else {
ifnotexists(url, req);
setTimeout(function() { xhr(url, ifexists, ifnotexists, retry_time + 5).send(null); }, retry_time);
}
}
};
return req;
}
NOTE
I have also tried the following permissions:
http://www.mathworks.com/*
http://*.mathworks.com/*
*://www.mathworks.com/*
*://*.mathworks.com/*
*://*
http://*/*
(I wouldn't want to use "All your data on all websites", anyway, but this seems to imply that it isn't an issue with the way I declared my permissions, which is why I'm incredibly confused).
Version
14.0.803.0 (Official Build 90483) dev
Update
I've filed this Chrome bug, since I think this is actually a bug in Chrome. However, in the event that this does not get fixed, I would really appreciate any sort of workaround that can make this work.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
在 URL 末尾添加 *,它是基于通配符的。
请参阅 http://code.google.com/chrome/extensions/match_patterns.html - 我们的一些文档似乎暗示它可以在没有 * 的情况下工作,但它不应该(参见“坏例子”)。
Add * on to the end of your URL, it is wildcard based.
See http://code.google.com/chrome/extensions/match_patterns.html - some of our documentation seems to imply that it works without the *, but it shouldn't (see "bad examples").