What permissions (if any) do I need to provide the Chrome extension so that it can make remote AJAX calls?

Question

What permissions (if any) do I need to provide the Chrome extension so that it can make remote AJAX calls?

I wrote an extension for my library. It calls the AJAX call api.library.edu (school library).

My extension uses jQuery and my code looks like this:

 $.get("http://api.library.edu/?period=1month", function (data) { // process data });

When I load my extension, it calls an AJAX call, and I return the data.

Now I do not give absolutely any rights to the extension ( permissions is [] ).

Will my extension work when I publish it? Should it require special permissions to invoke AJAX using jQuery?

Thanks! I just made sure I wrote my extension correctly.

+4

javascript jquery google-chrome ajax google-chrome-extension

bodacydo Aug 4 '15 at 0:54

source share

1 answer

Maximillian laumeister · Accepted Answer · 2015-08-04T00:58:31+0000

Your extension does not require any additional permissions to make AJAX calls from a single source. However, if api.library.edu does not set the corresponding CORS headers, you may need to request permission for cross origin for this domain:

 { "name": "My extension", ... "permissions": [ "http://api.library.edu/" ], ... }

From Google Docs:

Each running extension exists within its own separate security source. Without requesting additional privileges, the extension can use XMLHttpRequest to get resources as part of its installation.
...
By adding hosts or host matching patterns (or both) to the permissions section of the manifest file, the extension may request access to remote servers outside its origin.

If the extension already works, this may make me believe that cross-domain headers are already installed in the library API, and you won’t need additional permissions.

What permissions (if any) do I need to provide the Chrome extension so that it can make remote AJAX calls?

More articles: