从v38开始，Chrome扩展程序无法从HTTP网址加载，解决方法？ [英] Since v38, Chrome extension cannot load from HTTP URLs anymore, workaround?

问题描述

我们网站的用户运行Chrome插件，其中包括通过 Chrome上描述的XMLHttpRequest执行跨源请求扩展开发页面。这已经运行了好几年了。但是，自从我们的用户升级到最新版本的Chrome（v38）后，这些请求失败。我们的网站运行在HTTPS上，通过我们的内容脚本加载的一些URL是在HTTP上。讯息是：

The users of our website run our Chrome plugin which, amongst other things, performs cross-origin requests via XMLHttpRequest as described on the Chrome extension development pages. This has been running just fine for a few years now. However, ever since our users upgraded to the latest version of Chrome (v38), these requests have failed. Our site runs on HTTPS and some of the URLs loaded via our content script are on HTTP. The message is:

[blocked]该网页位于 https://www.ourpage.com/ 已通过
HTTPS加载，但从 http：// www.externalpage.com '：
此内容也应通过HTTPS加载。

[blocked] The page at 'https://www.ourpage.com/' was loaded over HTTPS, but ran insecure content from 'http://www.externalpage.com': this content should also be loaded over HTTPS.

发生错误的位置是发出HTTP调用的内容脚本：

The reported line where the error occurred is in the content script where I'm issuing the HTTP call:

xhr.send(null);

我无法控制外部页面，我不想从我们自己的页面中删除SSL。问题：这是一个错误还是有一个解决方法，我不知道？

I have no control over the external page and I would rather not remove SSL from our own page. Question: Is this a bug or is there a workaround that I am not aware of?

（注意：清单中的权限总是设置为< all_urls> 已经工作了很长时间。将它设置为 http：// * / 和 https ：// * / 没有帮助。）

(Note: The permissions in the manifest were always set to <all_urls> which had worked for a long time. Setting it to http://*/ and https://*/ did not help.)

推荐答案

如果可能，请使用https版本

If possible, use the https version of that external page.

如果这是不可能的，请使用背景页面来处理AJAX请求（示例）。

If that is not possible, use the background page to handle the AJAX request (example).

这篇关于从v38开始，Chrome扩展程序无法从HTTP网址加载，解决方法？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！