I need to access an API backend of a web app from a Chrome extension. The xhr requests that originate from the webpage itself are always preflighted (OPTIONS). However, I can not get the extension to fire preflight requests, it fires the GET requests and the servers authorization mechanism rejects calls without the OPTIONS first.
I read what is available on stackoverflow and tried to add a random "x-weird-header" in an attempt to send a preflight first but it didn't work.
Another thing I can't understand is, Chrome sends an "Origin" header for calls from the webpage but the request from my extension is missing the "Origin" header.
How can I get OPTIONS sent first? and why is the "Origin" missing in my request?
Thanks!
$.ajax({
url : url, /* url is https and it is called from a non ssl but same domain origin*/
type : 'GET',
beforeSend : function( xhr ) {
xhr.setRequestHeader( "Accept", "application/json, text/plain, */*");
xhr.setRequestHeader( "Authorization", "BEARER " + auth_token );
xhr.setRequestHeader( "x-weird-header", "utf8" );
},
success : function (data) {
console.log(data);
},
error : function (data, errorThrown) {
console.log(data);
}
});
I think reading on Cross-Origin XMLHttpRequest might help you with this. Your chrome extension is making requests to a remote server therefore you need cross-origin permissions. With regard to your OPTIONS problem, try using this OPTIONS as mentioned in this SO thread: