Chrome blocks different origin requests

Active3 hr before
Viewed126 times

3 Answers


When script tries to access a frame from a different origin Chrome blocks it and throws exception as , Stack Overflow Public questions & answers ,Thanks for contributing an answer to Stack Overflow!, Stack Overflow for Teams Where developers & technologists share private knowledge with coworkers

Direct Javascript calls between frames and/or windows are only allowed if they conform to the same-origin policy. If your window and iframe share a common parent domain you can set document.domain to "domain lower") one or both such that they can communicate. Otherwise you'll need to look into something like the postMessage() API.

load more v

Limiting content script access to cross-origin requests,Requesting cross-origin permissions,When performing cross-origin requests on behalf of a content script, be careful to guard against malicious web pages that might try to impersonate a content script. In particular, do not allow content scripts to request an arbitrary URL.,By adding hosts or host match patterns (or both) to the host_permissions section of the manifest file, the extension can request access to remote servers outside of its origin.

Each running extension exists within its own separate security origin. Without requesting additional privileges, the extension can use XMLHttpRequest to get resources within its installation. For example, if an extension contains a JSON configuration file called config.json, in a config_resources folder, the extension can retrieve the file's contents like this:

var xhr = new XMLHttpRequest();
xhr.onreadystatechange = handleStateChange; // Implemented"GET", chrome.extension.getURL('/config_resources/config.json'), true);xhr.send();
load more v

This article is a general discussion of Cross-Origin Resource Sharing and includes a discussion of the necessary HTTP headers.,Cross-Origin Resource Sharing (CORS),In response, the server sends back an Access-Control-Allow-Origin header with Access-Control-Allow-Origin: *, which means that the resource can be accessed by any origin.,This section lists the HTTP response headers that servers send back for access control requests as defined by the Cross-Origin Resource Sharing specification. The previous section gives an overview of these in action.

const xhr = new XMLHttpRequest();
const url = 'https://bar.other/resources/public-data/';'GET', url);
xhr.onreadystatechange = someHandler;
load more v

Other "chrome-different" queries related to "Chrome blocks different origin requests"