我正在尝试编写Google Chrome扩展程序。在我的manifest.json中,我有以下行;
"content_security_policy": "script-src 'self' https://ajax.googleapis.com https://api.uber.com; object-src 'self'",
当我对“https://api.uber.com/v1/estimates/time”进行jQuery Ajax调用时,我得到了;
Failed to load resource: the server responded with a status of 405 (Method Not Allowed)
albooker.html:1 XMLHttpRequest cannot load https://api.uber.com/v1/estimates/time......
No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'chrome-extension://elgjhbhandpgpankfcdmlmndilgledee' is therefore not allowed access. The response had HTTP status code 405.
AJAX代码;
$.ajax({
type: "GET",
dataType: "json",
url: uberURL,
success: function( jsondata ) {
// Call function to display details
alert(JSON.stringify(jsondata));
}
我已将生成的URL uberURL粘贴到浏览器中,并返回预期的数据。 -
我这样做是正确的吗?感谢
答案 0 :(得分:1)
向内容安全政策添加网址可让您从这些网站执行代码。如果您希望能够进行Ajax调用,则需要将它们添加到清单的permissions部分:
permisions: ["https://api.uber.com/"]