是否可以从 Chrome 中的内容脚本执行跨源 XMLHttpRequest?
Is it possible to perform a Cross-Origin XMLHttpRequest from a content script in Chrome?
Cross-Origin XMLHttpRequest 的文档表明,只要我使用正确的权限,我就应该能够从通过 https 加载的页面访问 http 资源。然而,我在尝试此操作时收到以下错误消息。
content.js:1 Mixed Content: The page at 'https://www.example.com/' was loaded over HTTPS, but requested an insecure resource 'http://www.example.com/'. This request has been blocked; the content must be served over HTTPS.
清单:
{
"name": "Test Extension",
"version": "0.1",
"permissions": [
"http://www.example.com/*",
"https://www.example.com/*",
],
"content_scripts": [
{
"matches": [
"http://www.example.com/*",
"https://www.example.com/*"
],
"js": ["content.js"],
"run_at": "document_start"
}
],
"manifest_version": 2
}
content.js:
fetch('http://www.example.com/').then(response => {
console.log('Done!')
});
您的问题不是 CORS。它是混合内容,即使在扩展中也无法解决。
您可以将您的请求移动到后台页面(通过消息传递)。
Cross-Origin XMLHttpRequest 的文档表明,只要我使用正确的权限,我就应该能够从通过 https 加载的页面访问 http 资源。然而,我在尝试此操作时收到以下错误消息。
content.js:1 Mixed Content: The page at 'https://www.example.com/' was loaded over HTTPS, but requested an insecure resource 'http://www.example.com/'. This request has been blocked; the content must be served over HTTPS.
清单:
{
"name": "Test Extension",
"version": "0.1",
"permissions": [
"http://www.example.com/*",
"https://www.example.com/*",
],
"content_scripts": [
{
"matches": [
"http://www.example.com/*",
"https://www.example.com/*"
],
"js": ["content.js"],
"run_at": "document_start"
}
],
"manifest_version": 2
}
content.js:
fetch('http://www.example.com/').then(response => {
console.log('Done!')
});
您的问题不是 CORS。它是混合内容,即使在扩展中也无法解决。
您可以将您的请求移动到后台页面(通过消息传递)。