在Chrome扩展程序中无法跨站点Ajax api调用吗? [英] Impossible to cross site ajax api calls in a chrome extension?

问题描述

我正在尝试创建一个Chrome扩展程序，该扩展程序调用Rails应用程序的api.当前api返回json并且可以正常工作，但是当我尝试将其构建为chrome扩展程序时，它说:

I am trying to create a chrome extension that calls my rails app's api. currently the api returns json and it works fine, however when I try to build it into a chrome extension, it says :

由于内容安全政策，拒绝从"http://mysite.com/demo?q=hello?callback=jQuery16409466155741829425_1342489669670&_=1342489677171"加载脚本.

Refused to load script from 'http://mysite.com/demo?q=hello?callback=jQuery16409466155741829425_1342489669670&_=1342489677171' because of Content-Security-Policy.

我在 http://code.google.com/chrome/extensions中查找了文档/contentSecurityPolicy.html ，除非我将网站实现为https版本，否则听起来我无法做到这一点. (在放松默认策略"部分下)我不确定我是否理解正确，仅由于此原因做出如此大的更改感觉很可笑.我被误解了吗?还是有解决方法?谢谢.

I looked up the document http://code.google.com/chrome/extensions/contentSecurityPolicy.html and it sounds like I can't do this unless I implement my site into a https version. (under "Relaxing the default policy" section) I am not sure if I understood correctly and it feels ridiculous to make such a big change just because of this. Am I misunderstood? Or is there a workaround to this? Thank you.

推荐答案

在Chrome扩展程序中，允许跨站点XMLHttpRequest，前提是您在清单文件中定义了源-请参见 http://code.google.com/chrome/extensions/xhr.html .

In a Chrome extension, cross-site XMLHttpRequests are allowed, provided that you define the source in the manifest file - see http://code.google.com/chrome/extensions/xhr.html.

JSONP实现使用<script>标记加载外部脚本，并将其插入文档中.除非通过 "content_security_policy" 条目JSONP将源列入白名单清单版本 2处于活动状态时，不能使用该按钮(请勿 strong>使用清单v1来解决此问题，因为它已被弃用，并且已经存在合适的替代方案.

A JSONP implementation loads an external script using the <script> tag, and inserts it in the document. Unless the source is whitelisted through the "content_security_policy" entry, JSONP cannot be used when manifest version 2 is active (do not use manifest v1 to overcome this, because it's deprecated, and a suitable alternative already exist).

当您无法接收JSON响应而不是JSONP时，请使用普通请求来获取数据，切断回调，然后对其进行解析.例如:

When you're unable to receive a JSON response instead of JSONP, use an ordinary request to fetch the data, cut off the callback, then parse it. Eg:

// response is the response from the server
// Received through `XMLHttpRequest`, jQuery.ajax, or whatever you used
// cuts of jQuery....(  and the trailing )
response = response.replace(/^[^(]*\(/, '').replace(/\);?$/, '');

这篇关于在Chrome扩展程序中无法跨站点Ajax api调用吗?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！