Javascript – Cross-Origin XMLHttpRequest in chrome extensions


According to chrome extensions API cross-origin calls using XMLHttpRequest object should be allowed if permissions are set:

An extension can talk to remote servers outside of its origin, as long as it first requests cross-origin permissions.

I am closely following the tutorial but the code below is giving me an error message:

XMLHttpRequest cannot load Origin chrome-extension://bmehmboknpnjgjbmiaoidkkjfcgiimbo is not allowed by Access-Control-Allow-Origin.

I not only allowed request to, but request to any website but still can't get through.
Can anybody help?

My manifest file:

  "name": "The popup",
  "version": "0.1",
  "popup": "popup.html",
  "permissions": [
  "browser_action": {
    "default_icon": "clock-19.png",
    "default_title": "This is title",
    "default_popup": "popup.html"

the actual call:

function sendRequest() {
    document.write("Sending request");
    var req = new XMLHttpRequest();"GET", "", true);
      req.onreadystatechange = function() {
          if (req.readyState == 4) {
            if (req.status == 200) {

Best Solution

Two things; you need to make sure you are making a packaged app/extension and not a hosted one. Cross origin requests will not work with hosted apps. Assuming you got that part pinned down, you may want to try to put the following into your permissions: http://*/ . That's the only one I have for one of my packaged apps, and it does cross origin stuff without any problems.