Chrome扩展程序 - 禁止阻止混合内容 [英] Chrome extension - Disable Blocking of Mixed Content
问题描述
混合内容:'https://www.instagram.com /'通过HTTPS加载,但请求不安全的XMLHttpRequest端点。此请求已被阻止;内容必须通过HTTPS提供。
我检查了这篇文章,它似乎并没有帮助我关于扩展spcifically: https://productforums.google.com/forum/#!topic/chrome/OwwppKWbKnc
另外,我尝试将服务器URL添加到manifest.json中的权限中,并且对我也没有任何作用。
我的问题是:有没有办法让我的Chrome扩展程序允许混合内容仅用于我的服务器,还是我唯一的选择将我的服务器切换到HTTPS?
如果您从内容脚本发送http请求,因为它与网页位于相同的上下文中,所以会受到 SOP ,这是浏览器的行为。
您可以将您的http请求从内容脚本移动到后台页面(通过消息传递或其他一些触发器,如后台页面存在于扩展的上下文中,而扩展本身可以通过添加服务器URL来绕过SOP到权限。
So I'm building a Chrome extension that takes images from the current tabs and sends those images to a server to host the image. It works great for many sites, but on major sites like Instagram and Pinterest, it won't work because the browser blocks mixed content (HTTP and HTTPS). I get the following error message in the console:
Mixed Content: The page at 'https://www.instagram.com/' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint. This request has been blocked; the content must be served over HTTPS.
I checked this post and it doesn't appear to help me with regards to extensions spcifically: https://productforums.google.com/forum/#!topic/chrome/OrwppKWbKnc
Also, I tried to add the server URL to the permissions in manifest.json and that did nothing for me, either.
My question is this: is there a way for me to have a Chrome extension that allows mixed content for just my server or is my only option to switch my server over to HTTPS?
If you send http request from content scripts, since it lives in the same context with the webpage, it will be restricted by SOP, which is browser behavior.
You could move your http request from content scripts to background page (either by Message Passing or some other trigger like browser Action), since background page lives in the context of the extension, while extension itself can bypass the SOP by adding server URL to permissions.
这篇关于Chrome扩展程序 - 禁止阻止混合内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
