mdn / content

The content behind MDN Web Docs
https://developer.mozilla.org
Other
9.18k stars 22.47k forks source link

Possible Inaccuracy in Documentation: Cross-Domain XHR Requests by Content Scripts #36438

Open DDDDD12138 opened 1 week ago

DDDDD12138 commented 1 week ago

MDN URL

https://developer.mozilla.org/en-US/docs/Mozilla/Add-ons/WebExtensions/Anatomy_of_a_WebExtension#content_scripts_2

What specific section or headline is this issue about?

No response

What information was incorrect, unhelpful, or incomplete?

In browser extensions, the statement that content scripts can make cross-domain XHR requests may be incorrect.

image

What did you expect to see?

The documentation might benefit from a clarification that content scripts are usually subject to the same-origin policy and cannot make cross-domain XHR requests without proper CORS configuration or by using background scripts.

Do you have any supporting links, references, or citations?

No response

Do you have anything more you want to share?

No response

dotproto commented 6 days ago

Thanks for calling this out. I suspect that this line was true when it was added and we didn't catch it when content scripts became subject to the injection context's CORS restrictions.

DDDDD12138 commented 6 days ago

Do we need to update the documentation now? I think we can remove that sentence, as this is no different from ordinary scripts anymore.

Can I contribute to it?