Reputation: 2045
I am writing a chrome extension that injects an iframe in the open tab and loads a url in it.The url to be loaded is not on the same domain as the opened page in the tab is.I am using following code :
--menifest.json--
"background" : {
"scripts": ["background.js"]
},
"permissions": [
"tabs", "http://*/", "https://*/"
]
--background.js--
chrome.browserAction.onClicked.addListener(function(tab) {
chrome.tabs.executeScript(null,
{file:"logic.js"});
});
--logic.js--
var newdiv = document.createElement('div');
var iframe = document.createElement('iframe');
iframe.setAttribute('src','http://google.co.in');
newdiv.appendChild(iframe);
document.body.appendChild(newdiv);
this works only when the curent page is http://google.co.in and not on other pages.So I am hitting cross domain issues.but as far as I know,extensions can make the cross domain requests,then how to do it?Please help.
Upvotes: 1
Views: 651
Reputation: 18554
Google uses X-Frame-Options header, many websites make use of them as a best practise
There are three possible values for X-Frame-Options:
Google uses SAMEORIGIN Value, so this works only when the curent page is http://google.co.in.
So, you are not hitting cross domain issues and Yes extensions can make the cross domain requests.
Upvotes: 2