1

I have a content script which includes jquery ui component and i want to send data to my server with http post. However i have come to realize that you can not send http post message to a https website or vice versa. If i send my message to the background script and post from there will i have a problem about it? Will it make a difference if the site is http or https? If it makes a difference how can i get this done?

mert
  • 88
  • 9

2 Answers2

2

Yes, you can use http POST, as well as any other http method (e.g., GET, PUT, PATCH), in a content script -- as well as a background script, for that matter.

However, in both cases, the URL to which you're sending your request must be declared in your extension's permissions. You do this in the manifest. For example, if you would like to send http requests to http://www.some-domain.com, you must add that URL (or a pattern matching that URL) to the permissions array of your manifest:

{
    ...
    "permissions": [
      "http://www.some-domain.com/*"
    ],
    "name": "Test",
    "manifest_version": 2,
    "version": "0.0.0"
}

You can add wild cards to your URL permission patterns; thus, if you'd like to match both https and http, you can do something like *://www.some-domain.com/*. See the official literature here.

I should warn you that if you are attaching a content script to a page that was loaded as https rather than http, you will likely not be allowed to send an unsecure http request due to Chrome blocking mixed content, which I believe requires a user override. So a good rule of thumb is: if you're attaching your content script to a page loaded via http, then use http to send the request; if you're attaching to a page loaded via https, then use https.

One last tip: Don't forget to reload your extension after you've changed the manifest, or the permission changes won't be reflected. To reload your extension, go to chrome://extensions, find your extension, then hit reload.

Andre Gregori
  • 1,150
  • 1
  • 10
  • 17
  • Thanks very useful information but it is kinda feel like a workaround. I rather prefer send my message back to background and send the post request that way but thanks for the information and advice anyway! – mert Feb 18 '16 at 20:08
  • This isn't a workaround; it's the only way to do it. The only way you'll be permitted to send http requests to a domain outside of your chrome-extension origin is to declare the URL match pattern in your manifest, regardless of whether the request originated in a background page/script or in a content script. – Andre Gregori Feb 18 '16 at 21:20
1

If you send from your background script there is no problem with switching protocols but you had to declare permission to these urls:

see more at the google manifest documentation and this duplicated question

Community
  • 1
  • 1
Marvin Medeiros
  • 202
  • 4
  • 22
  • It is not the same question. I seem to can not send post message to my server with if one is http and one is https whatever you add in your manifest. But you are right about that i can send them from background. I have tried it now and it worked! Thanks – mert Feb 18 '16 at 20:06