I try to get the html page from a internal webserver in my js code, and parse it to make bookmarks.
At the moment I have problems with Access-Control-Allow-Origin, but the permissions are set !
{
"manifest_version": 2,
"name": "test",
"description": "test",
"version": "1.0",
"options_page":"config.html",
"browser_action": {
"default_popup": "test.html",
"permissions": [
"*://*/*"
],
"content_security_policy": "script-src 'self' https://example.com; object-src 'self'"
}
}
I try the code from the example here : https://developer.chrome.com/extensions/xhr :
var xhr = new XMLHttpRequest();
xhr.open("GET", "http://api.example.com/data.json", true);
xhr.onreadystatechange = function() {
if (xhr.readyState == 4) {
// JSON.parse does not evaluate the attacker's scripts.
var resp = JSON.parse(xhr.responseText);
}
}
xhr.send();
But I get the error
XMLHttpRequest cannot load http://api.example.com/data.json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'chrome-extension://nnbpdlokhkemfjmfkmlfnjonmeaccdmo' is therefore not allowed access.
I'm pretty lost !
Actually I want to do that (that doesn't work either) :
function httpGet(url,user,pass)
{
var xmlHttp = null;
xmlHttp = new XMLHttpRequest();
xmlHttp.open( "GET",url, false );
xmlHttp.setRequestHeader("Authorization", "Basic " + btoa(user + ":" +pass))
xmlHttp.send( null );
response= xmlHttp.responseText;
startT=response.indexOf("menuData = [");
//alert(startT);
Text=response.substr(startT+11 );
Text=Text.substr(0,Text.indexOf("\n"));
var obj = eval (Text)
return Text
}
permissionssection of the manifest should be an independent entry, not located insidebrowser_action- rsanchez