I have developed a Chrome Extension that takes a screenshot of the current tab and uploads it to a server via ajax on a schedule. It works perfectly on two servers I used to test it, but when I transitioned to a new server, the ajax calls are now producing 403 errors.
The only change that I can see is that the new server is has an SSL certificate, but allows plain http access. Also, I have a subdomain that I have been testing that does not have any SSL configured.
My upload script is as follows:
var xhr = new XMLHttpRequest(), formData = new FormData();
xhr.addEventListener("load", processSuccess);
xhr.addEventListener("error", processError);
formData.append("img", screenshotUrl);
formData.append("auth_string", auth_string);
formData.append("site", site);
xhr.open("POST", upload_url, true);
xhr.send(formData);
In my manifest, I have the following permissions:
"permissions": [
"activeTab",
"tabs",
"<all_urls>",
"alarms",
"storage",
"http://**********" //the url to the script
]
The specific URL is overkill I assume, given the <all_urls>
permission, and I tried it with both http and https.
I know there are complications with secure content calling or referencing insecure scripts or resources, but I didn't think having a https configured server would affect anything.
The page is browser accessible, and have the same permissions it did on the last two servers.
The console error I get is:
POST https://****/upload_string.php 403 (Forbidden)
(anonymous function)
target.(anonymous function)
safeCallbackApply
handleResponse