Menu
I already tried looking for various questions, but that didn't help/I am too inexperienced to understand, so I have to be specific. This is what I get in the console:
XMLHttpRequest cannot load https://a.websight.com/file/hex.json. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'chrome-extension://asdfghetcetcetc' is therefore not allowed access. (index):1
It's breaking my entire extension and I don't know how to fix it. I would appreciate any help.
699
There Are Two Approaches to Getting It Right.Use a reverse proxy server or WSGI server(such as Nginx or Apache) to proxy requests to your resource and handle the OPTIONS method in the proxy. Add support for handling the OPTIONS method in the resource's code.
Use addHeader Instead of using setHeader method, response. addHeader("Access-Control-Allow-Origin", "*"); * in above line will allow access to all domains .
If the server is under your control, add the origin of the requesting site to the set of domains permitted access by adding it to the Access-Control-Allow-Origin header's value. You can also configure a site to allow any site to access it by using the * wildcard. You should only use this for public APIs.
Limiting the possible Access-Control-Allow-Origin values to a set of allowed origins requires code on the server side to check the value of the Origin request header, compare that to a list of allowed origins, and then if the Origin value is in the list, set the Access-Control-Allow-Origin value to the same value as ...
Although question is quite old, I found that google developer site provide easy way to remember global kind of permission. If you want to make cross origin ajax requests in any where you can add "permissions": ["<all_urls>"] to the manifest. Or else you can use matching patterns which are described in here.
160
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
