Chrome Extension: how to change origin in AJAX request header?

javascript ajax google-chrome-extension cross-domain same-origin-policy

17,925

You probably misinterpreted the docs:
the extension can request access to remote servers outside of its origin

This means that the extension can send the request to the remote servers (i.e. the browser itself will not block the request as would happen with a normal web-page's JS).
This does not mean that the extension will be allowed to send arbitrary headers along with the request nor that the remote server will respond to the request.

So, if the remote server, requires a specific value for the Origin header, then there is nothing you can do, since according to the specs you are not allowed to set the Origin header (and this limitation also holds for extensions).

17,925

Author by

Maria

Updated on June 09, 2022

Comments

Maria almost 2 years
I'm trying to manually set an origin in an ajax request header. In my background.js, I have this
```
var ajaxResponse;
$.ajax({
    type:'POST',
    url:'www.somewebsite.com/login/login.asp',
    headers:{
            'origin': 'https://www.somewebsite.com'
    },
    success: function(response){
        ajaxResponse = response;
    }
});
```
As you can see, the origin is changed. But when this Chrome extension get executed, the origin gets override to chrome-extension://iphajdjhoofhlpldiilkujgommcolacc and the console gives error 'Refused to set unsafe header "origin"'

I've followed Chrome API (http://developer.chrome.com/extensions/xhr.html), and already set the permission as follows
```
"permissions": [
     "https://www.somewebsite.com/*"
 ],
```
Does anyone know how to properly set the origin in header? Thanks!