从 v38 开始，Chrome 扩展程序无法再从 HTTP URL 加载，解决方法? [英] Since v38, Chrome extension cannot load from HTTP URLs anymore, workaround?

问题描述

我们网站的用户运行我们的 Chrome 插件，除其他外，它通过 XMLHttpRequest 执行跨域请求，如 Chrome 扩展开发页面.这已经运行了几年了.但是，自从我们的用户升级到最新版本的 Chrome (v38) 后，这些请求都失败了.我们的网站在 HTTPS 上运行，并且通过我们的内容脚本加载的一些 URL 是在 HTTP 上.消息是:

The users of our website run our Chrome plugin which, amongst other things, performs cross-origin requests via XMLHttpRequest as described on the Chrome extension development pages. This has been running just fine for a few years now. However, ever since our users upgraded to the latest version of Chrome (v38), these requests have failed. Our site runs on HTTPS and some of the URLs loaded via our content script are on HTTP. The message is:

[阻止] 'https://www.ourpage.com/' 的页面已加载HTTPS，但从http://www.externalpage.com"运行不安全的内容:此内容也应通过 HTTPS 加载.

[blocked] The page at 'https://www.ourpage.com/' was loaded over HTTPS, but ran insecure content from 'http://www.externalpage.com': this content should also be loaded over HTTPS.

发生错误的报告行在我发出 HTTP 调用的内容脚本中:

The reported line where the error occurred is in the content script where I'm issuing the HTTP call:

xhr.send(null);

我无法控制外部页面，我宁愿不从我们自己的页面中删除 SSL.问题:这是一个错误还是有我不知道的解决方法?

I have no control over the external page and I would rather not remove SSL from our own page. Question: Is this a bug or is there a workaround that I am not aware of?

(注意:manifest中的权限一直设置为<all_urls>，已经运行了很长时间.设置为http://*/而 https://*/ 没有帮助.)

(Note: The permissions in the manifest were always set to <all_urls> which had worked for a long time. Setting it to http://*/ and https://*/ did not help.)

推荐答案

如果可能，请使用该外部页面的 https 版本.

If possible, use the https version of that external page.

如果这不可能，请使用后台页面来处理 AJAX 请求(示例).

If that is not possible, use the background page to handle the AJAX request (example).

这篇关于从 v38 开始，Chrome 扩展程序无法再从 HTTP URL 加载，解决方法?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！