I have site in the "permissions", but keep getting "Origin chrome-extension://abc is not allowed by Access-Control-Allow-Origin."

Question

I've started new extension basing off an older one, which I've written earlier and which is working correctly now. The scheme of doing xhr is pretty normal for Google Chrome extensions: content script calls chrome.extension.sendRequest(data, callback), and the actual cross-site request is done in the backround.html.

Also, I'v made sure that the requested site is added to "permissions" section of manifest.json.

However, console of the background.html displays: "... Origin chrome-extension://.. is not allowed by Access-Control-Allow-Origin."

The question is the following: except of not having the target domain in the "permissions" (I've actually tried even here), WHAT ELSE may cause this error?

---

Here are some essential code snippets:

manifest.json:

{
    "name": "Register quote",
    "version": "0.0.2",
    "permissions": [ "<all_urls>" ],
    "background_page" : "background.html",
    "content_scripts": [
        {
            "matches": [
                "http://somedomain.com/*"
            ],
            "css": ["register_quote.css"],
            "js": ["jquery-1.3.2.min.js", "register_quote.user.js"]
        }
    ]
}

background.html: http://pastebin.com/0zLArvfA

register_quote.user.js:

// here's the final call, how it's prepared by the content script after all:
chrome.extension.sendRequest({
    'action': 'sendAjaxRequest',
    'url': "http://somedomain.com/the_script.php"
    'dataStr': "is_chrome=Y&ticketid=123123123&user=Vladimir+Mityukov&action=get_quoteids"
}, arg_callback);

---

P.S.: forgot to mention, there is also the following error in backround.html's console:

 Error in event handler for 'undefined': TypeError: Cannot read property 'length' of undefined
    at setupPageActionEvents (chrome/ExtensionProcessBindings:424:36)
    at chrome/ExtensionProcessBindings:1021:5
    at [object Object].dispatch (chrome/EventBindings:182:28)
    at Object.<anonymous> (chrome/EventBindings:237:25)

Don'e have any idea what this message means and what part of my code could cause it.. The scripts, mentioned here, are not mine.

Answer 1

This might be caused by some weirdness of the "<all_urls>" pattern, perhaps try changing it to be the specific URL that you want to call:

See: http://code.google.com/p/chromium/issues/detail?id=87671

"permissions": [ "http://somedomain.com/*" ]

---

On a side note, content scripts are now allowed to make cross-origin XHR calls:

http://code.google.com/chrome/extensions/xhr.html

"Version note: As of Chrome 13, content scripts can make cross-origin requests to the same servers as the rest of the extension. Before Chrome 13, a content script couldn't directly make requests; instead, it had to send a message to its parent extension asking the extension to make a cross-origin request."

In which case you would need to add http://somedomain.com/ to the permissions list in the manifest.