Since when do we allow cross-site XHR from content scripts? And is XHR to a different origin supposed to work without cookies?
-Nick On Wed, Oct 21, 2009 at 9:00 AM, Matias Pelenur <[email protected]>wrote: > Thanks Adam, I'll write a repro case and file a bug.BTW, I tried from the > background page, and it works perfectly (the expected cookies are sent). > > -matias > > > On Wed, Oct 21, 2009 at 11:56 AM, Adam Barth <[email protected]> wrote: > >> That sounds like a bug. Cross-site XMLHttpRequest is supposed to have >> cookies. Can you create a reduced test case? Do you have the same >> issue if you make the request directly from a web page, or is the >> content script essential to reproducing the bug? >> >> By the way, it's probably more efficient if you file a but at >> http://new.crbug.com/ and let me know the bug number. >> >> Thanks! >> Adam >> >> >> On Wed, Oct 21, 2009 at 8:45 AM, Matias Pelenur <[email protected]> >> wrote: >> > This may be a more general Chrome question, but I figured I'd start >> here. >> > On my extension, from a content script, I'm doing an XmlHttpRequest to a >> > different domain than the origin. It works just fine, but no cookies for >> > that domain are being sent, even though they exist for that domain. Is >> this >> > by design, as a security feature? >> > Thanks, >> > matias >> > >> > >> > > >> > >> > > > > > --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Chromium-extensions" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/chromium-extensions?hl=en -~----------~----~----~----~------~----~------~--~---
