I am attempting to make an ajax call when the browser is on my webpage it works perfectly but as soon as I leave my domain, it fails. This is for a closed system that user knows they are being tracked so nothing shady going on. I am receiving an error 406 on everything outside of my domain. For example if I on my url of www.mywebpage.com the script executes perfectly, but as soon as I visit www.yourwebpage.com it returns the error.
I have tried setting the permissions in the manifest.json to my URL, all urls, specific urls but it behaves the same way. Here is my background.js
chrome.runtime.onMessage.addListener
(
function(message, sender, sendResponse)
{
if(message.applicationcode==VALIDAPPLICATIONKEY)
{
var salt=message.salt;
var learnerid=message.learnerid;
var behaviorkey=message.behaviorkey;
var behaviorname=message.behaviorname;
var behaviorkeyname=message.behaviorkeyname;
chrome.tabs.query
(
{active: true},
function(arrayOfTabs)
{
var data = new FormData();
data.append('Salt', salt);
data.append('LearnerID', learnerid);
data.append('BehaviorKey', behaviorkey);
data.append('BehaviorName', behaviorname);
data.append('BehaviorKeyName', behaviorkeyname);
data.append('BehaviorValue', arrayOfTabs[0].url);
var xhr = new XMLHttpRequest();
xhr.open('POST', 'https://www.mywebpage.com/myservice.php', true);
xhr.onreadystatechange = function()
{
if (xhr.readyState == 4)
{
// JSON.parse does not evaluate the attacker's scripts.
var resp = JSON.parse(xhr.responseText);
console.log(resp);
}
}
xhr.send(data);
}
);//end query
return true;
}
}
);//end listener
Here is my current manifest file.
{
manifest_version: 2,
name: Application,
description: Plugin,
version: 1.0,
background:
{
scripts: [jquery.js,background.js],
persistent: true
},
permissions: [
tabs,http://www.mywebpage.com/*,https://www.mywebpage.com/*
],
browser_action:
{
default_icon: icon.png,
default_popup: popup.html
},
content_scripts:
[
{
matches: [<all_urls>],
js: [jquery.js,popup.js]
}
]
}
Any thoughts or help on this would be greatly appreciated. According to the documentation here what I am trying to do is allowed by extensions and does work in a limited fashion. Or should this type of action being taking place in the extension page as suggested here? I am new to writing Chrome extensions and I am sure I am missing something stupid.
Thanks in advance.