问题
Is it possible to use CORS when writing a google chrome extension?
I saw this, http://developer.chrome.com/extensions/contentSecurityPolicy.html
And I tried inserting this into the manifest, "content_security_policy": "script-src 'self' https://twitter.com/; object-src 'self'",
but an ajax requestion fails with XMLHttpRequest cannot load https://twitter.com/. Origin chrome-extension://olimhkjfpndfhdopbneamnekfalckinc is not allowed by Access-Control-Allow-Origin.
回答1:
To enable cross-origin Ajax from your extension to Twitter, you simply need to list Twitter as a host permission in your manifest:
...
"permissions": [
"*://*.twitter.com/*"
],
...
回答2:
As of Chrome 73, cross site requests are blocked. (Even if you have the hosts in your permissions property.) Some sites seem to get through unblocked but googleapis.com didn't.
You have to make the request in a background page. Check out step 2 of the Recommended Developer Actions section here:
https://www.chromium.org/Home/chromium-security/extension-content-script-fetches
If you do anything like console.log(), click the "inspect views background page" link in your extension's square in chrome's extensions manager and you'll get a separate dev tools window for everything that happens with your background page.
This really threw me for a couple days. Hope it saves someone else some time.
来源:https://stackoverflow.com/questions/12357485/cors-chrome-extension-with-manifest-version-2