I'm trying to manually set an origin in an ajax request header. In my background.js, I have this
var ajaxResponse;
$.ajax({
type:'POST',
url:'www.somewebsite.com/login/login.asp',
headers:{
'origin': 'https://www.somewebsite.com'
},
success: function(response){
ajaxResponse = response;
}
});
As you can see, the origin is changed. But when this Chrome extension get executed, the origin gets override to chrome-extension://iphajdjhoofhlpldiilkujgommcolacc
and the console gives error 'Refused to set unsafe header "origin"'
I've followed Chrome API (http://developer.chrome.com/extensions/xhr.html), and already set the permission as follows
"permissions": [
"https://www.somewebsite.com/*"
],
Does anyone know how to properly set the origin in header? Thanks!
You probably misinterpreted the docs:
the extension can request access to remote servers outside of its origin
This means that the extension can send the request to the remote servers (i.e. the browser itself will not block the request as would happen with a normal web-page's JS).
This does not mean that the extension will be allowed to send arbitrary headers along with the request nor that the remote server will respond to the request.
So, if the remote server, requires a specific value for the Origin
header, then there is nothing you can do, since according to the specs you are not allowed to set the Origin
header (and this limitation also holds for extensions).