deathcap
commented
8 years ago This https://github.com/deathcap/nodeachrome/pull/6 broke npm, it needs XHR to access the remote registry (unless use a CORS proxy like https://github.com/deathcap/webnpm/blob/29ae8386440faff114bc5965c2d29fac6f18e536/webnpm.js#L236-L245 but why do that in a Chrome extension which doesn't need one?):
> evalsb('npm_cli(["/bin/node", "npm", "view", "voxel-engine"])')
undefined
npm-cli.js:109 npm.load: null
send-native.js:51 sendNative Object {method: "fs.stat", params: Array[1], id: 39}
send-native-proxy.js:36 decodeResponse Object {error: Object, id: 39}
request.js:115 OPTIONS https://registry.npmjs.org/voxel-engine ClientRequest._onFinish @ request.js:115(anonymous function) @ request.js:57EventEmitter.emit @ events.js:74finishMaybe @ _stream_writable.js:475endWritable @ _stream_writable.js:485Writable.end @ _stream_writable.js:455ClientRequest.end @ request.js:247Request.end @ request.js:1421end @ request.js:580(anonymous function) @ request.js:594Item.run @ browser.js:64drainQueue @ browser.js:34setTimeout (async)process.nextTick @ browser.js:54Request.init @ request.js:538Request @ request.js:142request @ index.js:55makeRequest @ request.js:149(anonymous function) @ request.js:66(anonymous function) @ attempt.js:18RetryOperation.attempt @ retry_operation.js:74attempt @ attempt.js:11regRequest @ request.js:65CachingRegistryClient._invalidatingRequest @ caching-client.js:34get_ @ caching-client.js:141(anonymous function) @ caching-client.js:90sendNative @ fs.js:112decodeResponse @ send-native-proxy.js:39callbacks.set @ send-native-proxy.js:53handleIncoming @ send-native-proxy.js:31window.addEventListener @ send-native-proxy.js:21postMessage (async)postSandbox @ send-native.js:11recvIncoming @ send-native.js:22EventImpl.dispatchToListener @ extensions::event_bindings:387publicClass.(anonymous function) @ extensions::utils:94EventImpl.dispatch_ @ extensions::event_bindings:371EventImpl.dispatch @ extensions::event_bindings:393publicClass.(anonymous function) @ extensions::utils:94dispatchOnMessage @ extensions::messaging:320
sandbox.html:1 Fetch API cannot load https://registry.npmjs.org/voxel-engine. Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'null' is therefore not allowed access. The response had HTTP status code 405. If an opaque response serves your needs, set the request's mode to 'no-cors' to fetch the resource with CORS disabled.
As described on https://github.com/deathcap/nodeachrome/issues/3#issuecomment-214614927, Chrome extensions can perform arbitrary XMLHttpRequests, given the appropriate permissions manifest, but only on the main thread.
Since most of the code now runs in a sandbox iframe as of https://github.com/deathcap/nodeachrome/pull/6, XMLHttpRequest loses its power and will need to be proxied back from the sandbox to main, for full network access.