Possible Inaccuracy in Documentation: Cross-Domain XHR Requests by Content Scripts #36438
Assignees
Labels
Content:WebExt
WebExtensions docs
Comments
DDDDD12138
added
the
needs triage
|
Thanks for calling this out. I suspect that this line was true when it was added and we didn't catch it when content scripts became subject to the injection context's CORS restrictions. |
rebloor
removed
the
needs triage
|
Do we need to update the documentation now? I think we can remove that sentence, as this is no different from ordinary scripts anymore.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
MDN URL
https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Anatomy_of_a_WebExtension#content_scripts_2
What specific section or headline is this issue about?
No response
What information was incorrect, unhelpful, or incomplete?
In browser extensions, the statement that content scripts can make cross-domain XHR requests may be incorrect.
What did you expect to see?
The documentation might benefit from a clarification that content scripts are usually subject to the same-origin policy and cannot make cross-domain XHR requests without proper CORS configuration or by using background scripts.
Do you have any supporting links, references, or citations?
No response
Do you have anything more you want to share?
No response
The text was updated successfully, but these errors were encountered: