Chrome Extension: how to change origin in AJAX request header?

Notice: this page reproduces a popular StackOverflow question under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same license and attribute it to the original authors (not me). Original StackOverflow URL: http://stackoverflow.com/questions/20864629/

Date: 2020-10-27 19:29:40  Source: igfitidea

javascript ajax google-chrome-extension cross-domain same-origin-policy

Asked by Maria

I'm trying to manually set an origin in an ajax request header. In my background.js, I have this

var ajaxResponse;
$.ajax({
    type:'POST',
    url:'www.somewebsite.com/login/login.asp',
    headers:{
            'origin': 'https://www.somewebsite.com'
    },
    success: function(response){
        ajaxResponse = response;
    }
});

As you can see, the origin is changed. But when this Chrome extension gets executed, the origin gets overridden to chrome-extension://iphajdjhoofhlpldiilkujgommcolacc and the console gives the error 'Refused to set unsafe header "origin"'

I've followed Chrome API (http://developer.chrome.com/extensions/xhr.html), and already set the permission as follows

"permissions": [
     "https://www.somewebsite.com/*"
 ],

Does anyone know how to properly set the origin in header? Thanks!

Accepted answer by gkalpak

You probably misinterpreted the docs:
the extension can request access to remote servers outside of its origin

This means that the extension can send the request to the remote servers (i.e. the browser itself will not block the request as would happen with a normal web-page's JS).
This does not mean that the extension will be allowed to send arbitrary headers along with the request nor that the remote server will respond to the request.

So, if the remote server requires a specific value for the Origin header, then there is nothing you can do, since according to the specs you are not allowed to set the Origin header (and this limitation also holds for extensions).
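An added example, not part of the original question or answer: a pre-flight check that reports which headers in a request's `headers` object the browser will refuse to let script set, which is why the question's `origin` entry triggers "Refused to set unsafe header". The function names are hypothetical, and the name list is a subset of the forbidden request-header names in the Fetch standard.

```javascript
// Subset of the Fetch standard's forbidden request-header names, lowercased.
// Script (page or extension) cannot set these; the browser controls them.
const FORBIDDEN_NAMES = new Set([
  'accept-charset', 'accept-encoding', 'access-control-request-headers',
  'access-control-request-method', 'connection', 'content-length', 'cookie',
  'date', 'expect', 'host', 'keep-alive', 'origin', 'referer', 'te',
  'trailer', 'transfer-encoding', 'upgrade', 'via',
]);
// Any header whose name starts with one of these prefixes is also forbidden.
const FORBIDDEN_PREFIXES = ['proxy-', 'sec-'];

// Header names are case-insensitive, so normalise before comparing.
function isForbiddenRequestHeader(name) {
  const n = String(name).trim().toLowerCase();
  return FORBIDDEN_NAMES.has(n) ||
    FORBIDDEN_PREFIXES.some((prefix) => n.startsWith(prefix));
}

// Split a headers object (as passed to $.ajax or fetch) into the entries
// script may set and the names the browser will refuse.
function partitionHeaders(headers) {
  const allowed = {};
  const refused = [];
  for (const [name, value] of Object.entries(headers)) {
    if (isForbiddenRequestHeader(name)) {
      refused.push(name);
    } else {
      allowed[name] = value;
    }
  }
  return { allowed, refused };
}

// Constructed sample: the header from the question plus one ordinary header.
const sample = partitionHeaders({
  'origin': 'https://www.somewebsite.com',
  'X-Requested-With': 'XMLHttpRequest',
});
console.log('refused by the browser:', sample.refused);
console.log('safe to send:', sample.allowed);
```

Because the browser sets `Origin` itself, a server-side check on that header can rely on it not having been chosen by page or extension script.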