Issue with reading Response headers

Question

I am trying to build a chrome extension for which i need to ping to different machines.The code which i tried with is able to read the response headers for a https site but not for http.I am new to Javascripting. Any help would be great.I understand it is a CORS issue and tried setting the headers in the client code.many forums mention it setting al the server side but where can I do in this case? Please find the code below and the plugin UI and response returned from https site in the snapshot.

Code--

url="https://www.icicibank.com/";
//url = "www.rediff.com/";  
ping = new XMLHttpRequest(); 
ping.open("get", url,true);
//ping.setRequestHeader("Access-Control-Allow-Origin","*"); 
// ping.setRequestHeader("Access-Control-Allow-Credentials", "true");
ping.send(null)
ping.onreadystatechange=function() {
if (ping.readyState==4) {
alert(ping.getAllResponseHeaders());
//alertify.alert(ping.getAllResponseHeaders());
}
}

Thanks

Answer 1

CORS is indeed part of the server response, not the request. So you cannot "set" it on your side.

However, extensions are allowed to bypass CORS restrictions and make cross-origin requests. But for that you need to list domains you're going to connect to in manifest permissions. The user will be warned, at install time, that you'll interact with those domains.

For example, to allow requests to http://example.com and https://example.com domains regardless of CORS, you need to include in the manifest:

"permissions" : [
  "*://example.com/"
],

If you can't say which sites you'll need to connect to in advance, you'll either need permissions for all urls (special permission, literally, "<all_urls>") or use Optional Permissions to request that at runtime.