diff options
| author | rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-02 01:46:54 +0000 |
|---|---|---|
| committer | rafaelw@chromium.org <rafaelw@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2009-09-02 01:46:54 +0000 |
| commit | 15f5e7a55a40ce17cf5117cb079c72e5978276f2 (patch) | |
| tree | 58311866fc8e7ff5864d670af90fdb158f3875fd /chrome/common/extensions/docs/static/xhr.html | |
| parent | 301babee0cbae6e4657496437e3b3919e9b78be7 (diff) | |
| download | chromium_src-15f5e7a55a40ce17cf5117cb079c72e5978276f2.zip chromium_src-15f5e7a55a40ce17cf5117cb079c72e5978276f2.tar.gz chromium_src-15f5e7a55a40ce17cf5117cb079c72e5978276f2.tar.bz2 | |
Extension Doc Changes (no building or testable changes).
Added xhr.html.
TBR=kathyw,aa
Review URL: http://codereview.chromium.org/172097
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@25142 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/extensions/docs/static/xhr.html')
| -rwxr-xr-x | chrome/common/extensions/docs/static/xhr.html | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/chrome/common/extensions/docs/static/xhr.html b/chrome/common/extensions/docs/static/xhr.html new file mode 100755 index 0000000..8c55058 --- /dev/null +++ b/chrome/common/extensions/docs/static/xhr.html @@ -0,0 +1,75 @@ +<div id="pageData-title" class="pageData">Cross-Origin XMLHttpRequest</div> + +<!-- BEGIN AUTHORED CONTENT --> +<p id="classSummary"> +In regular web pages, the +<a href="http://www.w3.org/TR/XMLHttpRequest/">XMLHttpRequest</a> +object can be used to send and receive data from remote servers, but is +constrained by the +<a href="http://en.wikipedia.org/wiki/Same_origin_policy">same origin policy</a>. +Extensions are allowed to access remote servers outside of their origin, +but they must first declare their intent to do so.</p> + +<h2 id="extension-origin">Extension Origin</h2> +<p>Each running extension exists within it's own seperate security origin. Without +requesting additional priviliges, the extension can use +the XMLHttpRequest to access resources within it's installation. For example, if +the extension contains a JSON configuration file called <var>config.json</var>, +in a <var>config_resources</var> folder, it could retrieve it's contents like +this:</p> + +<pre> +var xhr = new XMLHttpRequest(); +xhr.onreadystatechange = handleStateChange; // Implemented elsewhere. +xhr.open("GET", chrome.extension.getURL('/config_resources/config.json'), true); +xhr.send(); +</pre> + +<p>If the extension attempted to access a security origin other than itself, +say</p> + +<pre> +xhr.open("GET", "http://www.google.com", true); +</pre> + +<p>The browser would disallow it.</p> + +<h2 id="requesting-permission">Requesting Cross-Origin Permissions</h2> + +<p>By adding hosts and/or host match patterns to the +<a href="manifest.html#permissions">permissions<a> section of the +<a href="manifest.html">manifest</a> file, the extension can request access to +remote servers outside of it's origin.</p> + +<pre>"permissions": [ + "http://www.google.com/", +], +</pre> + +<p>Cross-origin permission values can be either fully qualified host names, +like</p> + +<pre>"http://www.google.com/" or +"http://www.gmail.com/"</pre> + +<p>or match patterns, like</p> + +<pre>"http://*.google.com/" or +"http://*/"</pre> + +<p>which would allow http access to all reachable domains. Note that here, +match patterns are similar to <a href="match_patterns.html">content script +match patterns</a>, but any path information following the host is ignored.</p> + +<p>Also, note that access is granted both by host and scheme. If an extension +wants secure and non-secure http access to a given host or set +of hosts, it must declare the permissions seperately:</p> + +<pre>"permissions": [ + "http://www.google.com/", + "https://www.google.com/", +], +</pre> + + +<!-- END AUTHORED CONTENT --> |