Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(92)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/docs/static/xhr.html

Issue 2906002: Merge 51854 - Add a note that the code sample is broken until the bug is fixe... (Closed) Base URL: svn://svn.chromium.org/chrome/branches/453/src/
Patch Set: Created 10 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | chrome/common/extensions/docs/xhr.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <div id="pageData-name" class="pageData">Cross-Origin XMLHttpRequest</div> 1 <div id="pageData-name" class="pageData">Cross-Origin XMLHttpRequest</div>
2 2
3 <!-- BEGIN AUTHORED CONTENT --> 3 <!-- BEGIN AUTHORED CONTENT -->
4 <p id="classSummary"> 4 <p id="classSummary">
5 Regular web pages can use the 5 Regular web pages can use the
6 <a href="http://www.w3.org/TR/XMLHttpRequest/">XMLHttpRequest</a> 6 <a href="http://www.w3.org/TR/XMLHttpRequest/">XMLHttpRequest</a>
7 object to send and receive data from remote servers, 7 object to send and receive data from remote servers,
8 but they're limited by the 8 but they're limited by the
9 <a href="http://en.wikipedia.org/wiki/Same_origin_policy">same origin policy</a> . 9 <a href="http://en.wikipedia.org/wiki/Same_origin_policy">same origin policy</a> .
10 Extensions aren't so limited. 10 Extensions aren't so limited.
(...skipping 18 matching lines...) Expand all
29 in a <code>config_resources</code> folder, the extension can retrieve the file's contents like 29 in a <code>config_resources</code> folder, the extension can retrieve the file's contents like
30 this:</p> 30 this:</p>
31 31
32 <pre> 32 <pre>
33 var xhr = new XMLHttpRequest(); 33 var xhr = new XMLHttpRequest();
34 xhr.onreadystatechange = handleStateChange; // Implemented elsewhere. 34 xhr.onreadystatechange = handleStateChange; // Implemented elsewhere.
35 xhr.open("GET", chrome.extension.getURL('/config_resources/config.json'), true); 35 xhr.open("GET", chrome.extension.getURL('/config_resources/config.json'), true);
36 xhr.send(); 36 xhr.send();
37 </pre> 37 </pre>
38 38
39 <p class="caution">
40 <b>Bug note:</b>
41 Until <a href="http://crbug.com/41024">bug 41024</a> is fixed,
42 the preceding code won't work.
43 </p>
44
39 <p>If the extension attempts to use a security origin other than itself, 45 <p>If the extension attempts to use a security origin other than itself,
40 say http://www.google.com, 46 say http://www.google.com,
41 the browser disallows it 47 the browser disallows it
42 unless the extension has requested the appropriate cross-origin permissions. 48 unless the extension has requested the appropriate cross-origin permissions.
43 </p> 49 </p>
44 50
45 <h2 id="requesting-permission">Requesting cross-origin permissions</h2> 51 <h2 id="requesting-permission">Requesting cross-origin permissions</h2>
46 52
47 <p>By adding hosts or host match patterns (or both) to the 53 <p>By adding hosts or host match patterns (or both) to the
48 <a href="manifest.html#permissions">permissions</a> section of the 54 <a href="manifest.html#permissions">permissions</a> section of the
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after
153 </pre> 159 </pre>
154 <p> 160 <p>
155 Additionally, be especially careful of resource retrieved via HTTP. If your 161 Additionally, be especially careful of resource retrieved via HTTP. If your
156 extension is used on a hostile network, an network attacker (aka a <a 162 extension is used on a hostile network, an network attacker (aka a <a
157 href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">"man-in-the-middle" </a>) 163 href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">"man-in-the-middle" </a>)
158 could modify the response and, potentially, attack your extension. Instead, 164 could modify the response and, potentially, attack your extension. Instead,
159 prefer HTTPS whenever possible. 165 prefer HTTPS whenever possible.
160 </p> 166 </p>
161 167
162 <!-- END AUTHORED CONTENT --> 168 <!-- END AUTHORED CONTENT -->
OLDNEW
« no previous file with comments | « no previous file | chrome/common/extensions/docs/xhr.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698