CODEWITHSUNDEEP
htmljsongoogle-chrome
JeanPant
JeanPant

Reputation: 11

Meaning of "Chrome-extension is not allowed by Access-Control-Allow-Origin"?

Its my first time developing Google Chrome Extentions, my goal is to retrieve a URL from a REST service that i host on my local machine, and display it on a popup...this is the code im using :

<style>
body {
    min-width:357px;
    overflow-x:hidden;
}
</style>

<script>
var req = new XMLHttpRequest();
req.open(
    "GET",
    "http://URLTORESTSERVICE/Items",
    true);
req.onload = showWorklistItems;
req.send(null);

function showWorklistItems() {
    var worklistitems = req.responseXML.getElementsByTagName("WorklistItem");
    for (var i = 0, wli; wli = worklistitems[i]; i++) {
    var link = document.createElement('a');
    link.setAttribute('href', constructWLIURL(wli));
    document.body.appendChild(link);
  }
}

function constructWLIURL(wli) {
    return "testing" + wli.getAttribute("SerialNumber");
}
</script>

But I get this error when i execute:

XMLHttpRequest cannot load http://URLTORESTSERVICE/Items. Origin chrome-extension://caioejefhikijgcaondigdaaobomailk is not allowed by Access-Control-Allow-Origin.

Upvotes: 1

Views: 2009

Answers (2)

reconbot
reconbot

Reputation: 5287

You're hitting CORS or "cross-origin resource sharing". http://enable-cors.org/ is a good resource on the subject. Its caused by your request not originating on the same domain as the data service.

In order for you to use the data in an ajax request from another domain, you'll want to ask the data provider to add a CORS header similar to the following to their http response. (Note: JSONP while dangerous, works around this issue.)

Access-Control-Allow-Origin: *

EDIT: I see you are the data provider - output that header and you'll be set.

Upvotes: 3

Marcin
Marcin

Reputation: 49886

Access-Control-Allow-Origin is a header sent (or not) by your server. Certain browsers (notably Chrome and Firefox) respect this header in respect of cross-domain requests. This means that unless the originating domain is listed in that header, the browser will refuse perform the request (or at least, fully).

You could alter your local server to set the header correctly, or perhaps you could alter chrome's settings somehow to stop treating what you are doing as a cross-domain request.

Upvotes: 0

Related Questions