I am attempting to make an ajax call when the browser is on my webpage it works perfectly but as soon as I leave my domain, it fails. This is for a closed system that user knows they are being tracked so nothing shady going on. I am receiving an error 406 on everything outside of my domain. For example if I on my url of www.mywebpage.com the script executes perfectly, but as soon as I visit www.yourwebpage.com it returns the error.

I have tried setting the permissions in the manifest.json to my URL, all urls, specific urls but it behaves the same way. Here is my background.js

chrome.runtime.onMessage.addListener

(

    function(message, sender, sendResponse) 

    {

        if(message.applicationcode==VALIDAPPLICATIONKEY)

        {

            var salt=message.salt;

            var learnerid=message.learnerid;

            var behaviorkey=message.behaviorkey;

            var behaviorname=message.behaviorname;

            var behaviorkeyname=message.behaviorkeyname;

            chrome.tabs.query

            (

                {active: true}, 

                function(arrayOfTabs) 

                {

                    var data = new FormData();

                    data.append('Salt', salt);

                    data.append('LearnerID', learnerid);

                    data.append('BehaviorKey', behaviorkey);

                    data.append('BehaviorName', behaviorname);

                    data.append('BehaviorKeyName', behaviorkeyname);

                    data.append('BehaviorValue', arrayOfTabs[0].url);

                    var xhr = new XMLHttpRequest();

                    xhr.open('POST', 'https://www.mywebpage.com/myservice.php', true);

                    xhr.onreadystatechange = function() 

                    {

                        if (xhr.readyState == 4) 

                        {

                            // JSON.parse does not evaluate the attacker's scripts.

                            var resp = JSON.parse(xhr.responseText);

                            console.log(resp);

                        }

                    }

                    xhr.send(data);     

                }

            );//end query

            return true;

        }

    }

);//end listener

Here is my current manifest file.

{

    manifest_version: 2,

    name: Application,

    description: Plugin,

    version: 1.0,

    background: 

    {

        scripts: [jquery.js,background.js],

         persistent: true

    },

    permissions: [

        tabs,http://www.mywebpage.com/*,https://www.mywebpage.com/*



    ],

    browser_action: 

    {

        default_icon: icon.png,

        default_popup: popup.html

    },

    content_scripts: 

    [

        {

            matches: [<all_urls>],

            js: [jquery.js,popup.js]

        }

    ]

}

Any thoughts or help on this would be greatly appreciated. According to the documentation here what I am trying to do is allowed by extensions and does work in a limited fashion. Or should this type of action being taking place in the extension page as suggested here? I am new to writing Chrome extensions and I am sure I am missing something stupid.

Thanks in advance.