当浏览器在我的网页上时,我正在尝试进行ajax调用它完美地工作但是一旦我离开我的域,它就会失败。这是一个封闭的系统,用户知道他们正在被跟踪,因此没有任何阴影。我在域外的所有内容都收到错误406。例如,如果我在www.mywebpage.com的网址上,脚本执行完美,但只要我访问www.yourwebpage.com就会返回错误。
我已经尝试将manifest.json中的权限设置为我的URL,所有网址,特定网址,但它的行为方式相同。这是我的background.js
chrome.runtime.onMessage.addListener
(
function(message, sender, sendResponse)
{
if(message.applicationcode=="VALIDAPPLICATIONKEY")
{
var salt=message.salt;
var learnerid=message.learnerid;
var behaviorkey=message.behaviorkey;
var behaviorname=message.behaviorname;
var behaviorkeyname=message.behaviorkeyname;
chrome.tabs.query
(
{active: true},
function(arrayOfTabs)
{
var data = new FormData();
data.append('Salt', salt);
data.append('LearnerID', learnerid);
data.append('BehaviorKey', behaviorkey);
data.append('BehaviorName', behaviorname);
data.append('BehaviorKeyName', behaviorkeyname);
data.append('BehaviorValue', arrayOfTabs[0].url);
var xhr = new XMLHttpRequest();
xhr.open('POST', 'https://www.mywebpage.com/myservice.php', true);
xhr.onreadystatechange = function()
{
if (xhr.readyState == 4)
{
// JSON.parse does not evaluate the attacker's scripts.
var resp = JSON.parse(xhr.responseText);
console.log(resp);
}
}
xhr.send(data);
}
);//end query
return true;
}
}
);//end listener
这是我当前的清单文件。
{
"manifest_version": 2,
"name": "Application",
"description": "Plugin",
"version": "1.0",
"background":
{
"scripts": ["jquery.js","background.js"],
"persistent": true
},
"permissions": [
"tabs","http://www.mywebpage.com/*","https://www.mywebpage.com/*"
],
"browser_action":
{
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"content_scripts":
[
{
"matches": ["<all_urls>"],
"js": ["jquery.js","popup.js"]
}
]
}
对此有任何想法或帮助将不胜感激。根据文档here,扩展允许我尝试做的事情并且以有限的方式工作。或者,此类操作是否应按照建议here在扩展程序页中进行?我是编写Chrome扩展程序的新手,我确信我错过了一些愚蠢的内容。
提前致谢。
答案 0 :(得分:7)
这是我的解决方案:
的manifest.json:
{
"manifest_version": 2,
"name": "My Name",
"description": "My Description.",
"version": "0.1",
"background":
{
"scripts": ["jquery.js","background.js"],
"persistent": true
},
"permissions":
[
"tabs",
"storage"
],
"browser_action":
{
"default_icon": "icon.png",
"default_popup": "popup.html"
},
"content_scripts":
[
{
"matches": ["https://www.myurl.com/*"],
"js": ["jquery.js","popup.js"],
"run_at": "document_end"
}
]
}
background.js:
var learnerid=0;
// Called when the user clicks on the browser action.
chrome.tabs.onUpdated.addListener
(
function (tabId, changeInfo, tab)
{
if (changeInfo.status == 'complete')
{
chrome.tabs.query
(
{
active: true
},
function (tabs)
{
if(learnerid!=0)
{
TrackURL(tabs);
}
else
{
console.log("User not logged in yet!");
}//end if
}
);//end query
}
}
);
chrome.runtime.onMessage.addListener
(
function(message, sender, sendResponse)
{
if(message.applicationcode=="appname")
{
learnerid=message.learnerid;
}//end if
}
);//end function
function TrackURL(tabs)
{
$.ajax
(
{
type: "POST",
url: "http://www.myurl.com/action.php",
dataType:"json",
data:
{
Action: 'TrackURL',
URL:tabs[0].url,
Title:tabs[0].title,
LearnerID:learnerid
},
success: function(msg)
{
console.log("URL Tracked");
}//end function
}
);//End ajax
}//end function
popup.js:
document.addEventListener
(
"starttrack",
function(e)
{
startPoll(e.detail);
}
);
function startPoll(e)
{
chrome.runtime.sendMessage
(
{
applicationcode: "myapp",
learnerid: e,
}
);
}
从我的网页:
function SendLearnerID(value)
{
try
{
var event = new CustomEvent("starttrack",{'detail': value});
document.dispatchEvent(event);
}
catch(err)
{
console.log(err);
}
}//end function
我的问题是我的原始事件调用发生在网页内....因此406错误。希望这有助于其他人。
答案 1 :(得分:0)
幸运的是,你是对的......你只是错过了一些简单的事情:
您需要对您希望此工作的任何页面/域/网址的权限,并且您只需要 www.mywebpage.com 权限当前manifest.json:
"permissions": [
"tabs","http://www.mywebpage.com/*","https://www.mywebpage.com/*"
],
如果您想在后台网页/脚本的上下文中执行此操作,则需要在{strong> permissions 条目中添加所有网址{1}}。如果您想通过内容脚本执行此操作,则需要将其添加到 manifest.json 条目中。如果您计划在两个地方进行,请在两个条目/部分中添加:
content_scripts如果您还希望用户在打开本地文件时也可以使用您的扩展程序,那么请添加文件架构/协议的权限,如下所示:
"permissions": [ //needed for background script
"tabs","http://*/*","https://*/*"
],
"content_scripts":[ //needed for content script
...
"http://*/*","https://*/*"
...
]