CODEWITHSUNDEEP
jquerygoogle-chrome-extensionhttps
Rocket
Rocket

Reputation: 1093

Chrome Extension Breaks HTTPS

I've written a simple Chrome extension that is configured with the staff members id and a field name within that page to trigger focus on. ie: id and fieldName

When the user clicks within that field ajax is used to send the users ID to a local web server.

$('[name=' + fieldName + ']').focus(function () {
    console.log ( "FOCUS - "  + id + ' ' + fieldName)
    $.ajax({ url : 'https://LOCAL_IP_ADDRESS/staff.php?staffID=' + id });
});

The extension can be run on ANY hosted web page, LOCAL_IP_ADDRESS is the internal IP Address of our local web server which the users PC can also reach.

No data from the site is being sent from the page, only a values from the extension configuration.

The above works fine. However...

I load a HTTPS site and Chrome reports it as secure.

I click within the relevant field and the staffID is sent to our local webserver. However the web site now reports as insecure.

Is there anything I can do to stop that happening ?

Thanks

Upvotes: 0

Views: 51

Answers (1)

woxxom
woxxom

Reputation: 73616

  1. Declare an event page:

    "background": {
    "scripts": ["jquery.js", "eventPage.js"],
    "persistent": false
},

  2. From your content script send the id in a message to the event page:

    $('[name=' + fieldName + ']').focus(() => chrome.runtime.sendMessage({id}));

  3. The event page does the AJAX request:

    chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    $.ajax({url : 'https://LOCAL_IP_ADDRESS/staff.php?staffID=' + msg.id});
});

Optionally, you can send AJAX request results back to the content script asynchronously:

  • content script:

    $('[name=' + fieldName + ']').focus(() => {
    chrome.runtime.sendMessage({id}, status => console.log(status))
});

  • event page:

    chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
    $.ajax({
        url : 'https://LOCAL_IP_ADDRESS/staff.php?staffID=' + msg.id,
        complete: xhr => sendResponse(xhr.status),
    });
    return true; // leave the channel open for sendResponse
});

Upvotes: 1

Related Questions