本文介绍了另一个Cross-XHR相关的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述 我知道有很多关于Access-Control-Allow-Origin不允许的问题的问题。错误。 但我尝试过其中一些没有成功。 ：（b / b） 一些约会： 我试图建立一个dev -tools-tab extension 我可以触摸flickr API，如示例显示 我无法到达本地主机 已尝试几个权限通配符 http：// localhost / http：// * / *：/ / * / 已经尝试打包和解包扩展程序 目前，manifest.json有 $ b $ version：0.0.1，manifest_version：2，devtools_page：components / devtools.html，permissions：[http：// * /] devtools.html < html> < head> < meta charset =utf-8> < title> ;< / title> < / head> < body> < script src =../ js / devtools.js>< / script> < / body> < / html> 和devtools.js use strict; var xhr1，xhr2，url; xhr1 = new window.XMLHttpRequest（）; xhr2 = new window.XMLHttpRequest（）; xhr1.onreadystatechange = function（）{ if（this.readyState === 4）{ console.log（'flickr ok'） ; } }; xhr2.onreadystatechange = function（）{ console.log（this.readyState）; if（this.readyState === 4 ）{ console.log（this.responseText）; } }; url ='https://secure.flickr.com/services/rest/？'+ 'method = flickr.photos.search&'+ 'api_key = 90485e931f687a9b9c2a66bf58a3861a&'+ 'text ='+ encodeURIComponent（'cats'）+'&'+ 'safe_search = 1&'+ 'content_type = 1&'+ 'sort = interestingness-desc&'+ 'per_page = 20'; xhr 1.open（'get'，url，true）; xhr1.send（）; url ='http：//apache.local'; xhr2.open（'get'，url，true）; xhr2.setRequestHeader（'Origin'，url）; xhr2.send（）; Chrome控制台输出： 1 devtools.js：12 拒绝设置不安全标题Origindevtools.html：1 XMLHttpRequest无法加载http：//apache.local/。来源chrome-extension：// nafbpegjhkifjgmlkjpaaglhdpjchlhk不被Access-Control-Allow-Origin允许。 devtools.html：1 4 devtools.js：12 flickr ok devtools.js：8 Chrome版本： 28.0.1500.20 dev 感谢您的任何建议 解决方案 实际上，问题在于我试图在devtools页面上执行XHR请求，它似乎没有权限绕过像弹出页面这样的跨源访问策略。 Devtools选项卡尝试也不成功。 编辑 是与阶段权限相关的。不是通配符许可。正如我所说的，我设法在一些域上执行查询，但没有明确地在我的权限数组上。 问题真的在于脚本正在运行。 同样的脚本，如果用作弹出窗口，工作正常。所以，我已经尝试了成功的背景脚本！我遇到了devtools_page和相关的问题，没有这样的权限... lockquote Developer Tools中的扩展页面可用的API窗口包括上面列出的所有devtools模块和chrome.extension API。其他扩展API并不适用于开发者工具页面，但您可以通过向您的扩展的后台页面发送请求来调用它们，就像在内容脚本中完成的一样。 http://developer.chrome.com/extensions /devtools.html 该级别的脚本拒绝非显式交叉xhrs。 解决了将请求放入后台脚本并使用消息API 时出现问题。 谢谢！ I know that there's a bunch of questions about the "not allowed by Access-Control-Allow-Origin." error.But I've tried some of them without success. :(Some appointments:I'm trying to build a dev-tools-tab extensionI can touch flickr API like the example showsI can't reach localhostAlready tried several permission wildcardshttp://localhost/http://*/*://*/Already tried pack'd and unpack'd extensionscurrently, manifest.json has"version": "0.0.1","manifest_version": 2,"devtools_page": "components/devtools.html","permissions": [ "http://*/"]devtools.html<!DOCTYPE html><html><head> <meta charset="utf-8"> <title></title></head><body> <script src="../js/devtools.js"></script></body></html>and, devtools.js(function (window) {"use strict";var xhr1, xhr2, url;xhr1 = new window.XMLHttpRequest();xhr2 = new window.XMLHttpRequest();xhr1.onreadystatechange = function () { if (this.readyState === 4) { console.log('flickr ok'); }};xhr2.onreadystatechange = function () { console.log(this.readyState); if (this.readyState === 4) { console.log(this.responseText); }};url = 'https://secure.flickr.com/services/rest/?' + 'method=flickr.photos.search&' + 'api_key=90485e931f687a9b9c2a66bf58a3861a&' + 'text=' + encodeURIComponent('cats') + '&' + 'safe_search=1&' + 'content_type=1&' + 'sort=interestingness-desc&' + 'per_page=20';xhr1.open('get', url, true);xhr1.send();url = 'http://apache.local';xhr2.open('get', url, true);xhr2.setRequestHeader('Origin', url);xhr2.send();Chrome console output:1 devtools.js:12Refused to set unsafe header "Origin" devtools.html:1XMLHttpRequest cannot load http://apache.local/. Origin chrome-extension://nafbpegjhkifjgmlkjpaaglhdpjchlhk is not allowed by Access-Control-Allow-Origin. devtools.html:14 devtools.js:12flickr ok devtools.js:8Chrome version: 28.0.1500.20 devThanks in any advice. 解决方案 I've got it!Actually, the problem is that I'm trying to perform XHR requests on devtools page and it seems to have no permissions to bypass cross-origin-access policies like a popup page do.Devtools tab tries are also unsuccessful.editIs an stage-permission related. Not wildcard-permission. As I've said, I've managed to perform queries on some domains, yet not having they explicitly on my permissions array.The problem really lies on the type of script running.The same script, if used as a popup, work'd fine. So, I've tried as an background-script with success too! I was facing the problem that devtools_page and related doesn't have such permissions... The APIs available to extension pages within the Developer Tools window include all devtools modules listed above and chrome.extension API. Other extension APIs are not available to the Developer Tools pages, but you may invoke them by sending a request to the background page of your extension, similarly to how it's done in the content scripts.http://developer.chrome.com/extensions/devtools.htmlThat level of script denies non explicit cross xhrs.Solved the problem putting the requests in a background script and using messages api.Thank you! 这篇关于另一个Cross-XHR相关的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！