我有一个 chrome 扩展,在内容脚本文件中我有这样的内容:
$(document).ready(function() {
var currentHostname = cleanHostname(window.location.hostname);
$.ajax({
url: BASEURL + 'checkSite',
dataType: 'json',
method: 'get',
data: {'hostname': currentHostname},
success: function(data) {
data = JSON.parse(data);
console.log(data);
}
});
});
此代码在非 https 网站上效果很好,因为 Chrome 允许在其上使用非 https 资源。但是,每当我访问 https 网站时,我都会得到以下信息:
Mixed Content: The page at 'https://www.google.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://localhost:8000/checkSite?hostname=google.com'. This request has been blocked; the content must be served over HTTPS.
这完全有道理。我理解这个政策。但我认为延期应该得到特殊对待。我该如何解决这个问题?我考虑过使用background.js 来完成所有ajax,然后进行消息传递,但我强烈希望避免这种情况,但如果需要的话我会的。
有人知道吗?
最佳答案
来自Here :
Requesting cross-origin permissions
permissions By adding hosts or host match patterns (or both) to the permissions section of the manifest file, the extension can request access to remote servers outside of its origin.
{
"name": "My extension",
...
"permissions": [
"http://www.google.com/"
],
...
}
关于javascript - 如何在安全站点上的 chrome 扩展内容脚本中正确执行 ajax?,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/31217579/