0

Trying to develop a simple Firefox extension. The extension takes a particular website and embeds the page in a predefined spot in another webpage. So two different domains, not related to each other at all. I understand that the same origin policy does not apply to browser extensions, and I looked through other stackoverflow questions such as this one as well as here.

My issue is I've added the permissions tag in my manifest.json file, like so:

"permissions": ["*://www.abcwebsite.com/*"]

Where abcwebsite.com is the website I'm trying to embed. I also added both websites to the "matches" tag within content_scripts.

However, I'm still unable to access the DOM structure of the embedded website.

I can embed the entire website just fine, but I'm trying to only embed a specific part of the page. I'm not sure where I'm going wrong,

Amin
  • 600
  • 1
  • 4
  • 17

1 Answers1

2

The extension takes a particular website and embeds the page in a predefined spot in another webpage

You are not skipping the same-origin-policy, since one origin loads content of another origin. The browser executing client code applies the same policy using an extension or not. The general concept is that you cannot share resources between two origins unless the origin that shares allow specifically the other origin.

Background scripts, otherwise

can make XHR requests to any hosts for which they have host permissions.

source

So the solution to this problem is a background issue if it were possible.

Emeeus
  • 4,104
  • 2
  • 14
  • 32
  • That line is a little confusing to me, does it mean I'm setting the permissions accordingly or does it essentially mean I have to have access to the alien domain? – Amin Aug 10 '19 at 21:30
  • You only need both sites included in matches. There is no other problem with permissions with this issue. At least the first part of this issue. – Emeeus Aug 10 '19 at 21:44
  • The solution could be different depending on what do you want exactly. But one possible solution would be, 1 -> get what you want from originA using a content script in originA, 2 -> sent that data to background 3 -> send data from background to content script in originB. – Emeeus Aug 10 '19 at 21:50
  • That's actually the exact route I'm attempting to go, but I think I'm still hitting the same origin issue since the background js or html is different from originB – Amin Aug 10 '19 at 21:59