In a React app component which handles Facebook-like content feeds, I am running into an error:
Feed.js:94 undefined "parsererror" "SyntaxError: Unexpected token < in JSON at position 0
I ran into a similar error which turned out to be a typo in the HTML within the render function, but that doesn't seem to be the case here.
More confusingly, I rolled the code back to an earlier, known-working version and I'm still getting the error.
Feed.js:
import React from 'react';
var ThreadForm = React.createClass({
getInitialState: function () {
return {author: '',
text: '',
included: '',
victim: ''
}
},
handleAuthorChange: function (e) {
this.setState({author: e.target.value})
},
handleTextChange: function (e) {
this.setState({text: e.target.value})
},
handleIncludedChange: function (e) {
this.setState({included: e.target.value})
},
handleVictimChange: function (e) {
this.setState({victim: e.target.value})
},
handleSubmit: function (e) {
e.preventDefault()
var author = this.state.author.trim()
var text = this.state.text.trim()
var included = this.state.included.trim()
var victim = this.state.victim.trim()
if (!text || !author || !included || !victim) {
return
}
this.props.onThreadSubmit({author: author,
text: text,
included: included,
victim: victim
})
this.setState({author: '',
text: '',
included: '',
victim: ''
})
},
render: function () {
return (
<form className="threadForm" onSubmit={this.handleSubmit}>
<input
type="text"
placeholder="Your name"
value={this.state.author}
onChange={this.handleAuthorChange} />
<input
type="text"
placeholder="Say something..."
value={this.state.text}
onChange={this.handleTextChange} />
<input
type="text"
placeholder="Name your victim"
value={this.state.victim}
onChange={this.handleVictimChange} />
<input
type="text"
placeholder="Who can see?"
value={this.state.included}
onChange={this.handleIncludedChange} />
<input type="submit" value="Post" />
</form>
)
}
})
var ThreadsBox = React.createClass({
loadThreadsFromServer: function () {
$.ajax({
url: this.props.url,
dataType: 'json',
cache: false,
success: function (data) {
this.setState({data: data})
}.bind(this),
error: function (xhr, status, err) {
console.error(this.props.url, status, err.toString())
}.bind(this)
})
},
handleThreadSubmit: function (thread) {
var threads = this.state.data
var newThreads = threads.concat([thread])
this.setState({data: newThreads})
$.ajax({
url: this.props.url,
dataType: 'json',
type: 'POST',
data: thread,
success: function (data) {
this.setState({data: data})
}.bind(this),
error: function (xhr, status, err) {
this.setState({data: threads})
console.error(this.props.url, status, err.toString())
}.bind(this)
})
},
getInitialState: function () {
return {data: []}
},
componentDidMount: function () {
this.loadThreadsFromServer()
setInterval(this.loadThreadsFromServer, this.props.pollInterval)
},
render: function () {
return (
<div className="threadsBox">
<h1>Feed</h1>
<div>
<ThreadForm onThreadSubmit={this.handleThreadSubmit} />
</div>
</div>
)
}
})
module.exports = ThreadsBox
In Chrome developer tools, the error seems to be coming from this function:
loadThreadsFromServer: function loadThreadsFromServer() {
$.ajax({
url: this.props.url,
dataType: 'json',
cache: false,
success: function (data) {
this.setState({ data: data });
}.bind(this),
error: function (xhr, status, err) {
console.error(this.props.url, status, err.toString());
}.bind(this)
});
},
with the line console.error(this.props.url, status, err.toString() underlined.
Since it looks like the error seems to have something to do with pulling JSON data from the server, I tried starting from a blank db, but the error persists. The error seems to be called in an infinite loop presumably as React continuously tries to connect to the server and eventually crashes the browser.
EDIT:
I've checked the server response with Chrome dev tools and Chrome REST client, and the data appears to be proper JSON.
EDIT 2:
It appears that though the intended API endpoint is indeed returning the correct JSON data and format, React is polling http://localhost:3000/?_=1463499798727 instead of the expected http://localhost:3001/api/threads.
I am running a webpack hot-reload server on port 3000 with the express app running on port 3001 to return the backend data. What's frustrating here is that this was working correctly the last time I worked on it and can't find what I could have possibly changed to break it.
The wording of the error message corresponds to what you get from Google Chrome when you run JSON.parse('<...'). I know you said the server is setting Content-Type:application/json, but I am led to believe the response body is actually HTML.
Feed.js:94 undefined "parsererror" "SyntaxError: Unexpected token < in JSON at position 0"
with the line console.error(this.props.url, status, err.toString()) underlined.
The err was actually thrown within jQuery, and passed to you as a variable err. The reason that line is underlined is simply because that is where you are logging it.
I would suggest that you add to your logging. Looking at the actual xhr (XMLHttpRequest) properties to learn more about the response. Try adding console.warn(xhr.responseText) and you will most likely see the HTML that is being received.
You're receiving HTML (or XML) back from the server, but the dataType: json is telling jQuery to parse as JSON. Check the "Network" tab in Chrome dev tools to see contents of the server's response.
SyntaxError: Unexpected token < in JSON at position 0
You are getting an HTML file (or XML) instead of json.
Html files begin with <!DOCTYPE html>.
I "achieved" this error by forgetting the https:// in my fetch method:
fetch(`/api.github.com/users/${login}`)
.then(response => response.json())
.then(setData);
I verified my hunch:
I logged the response as text instead of JSON.
fetch(`/api.github.com/users/${login}`)
.then(response => response.text())
.then(text => console.log(text))
.then(setData);
Yep, an html file.
Solution:
I fixed the error by adding back the https:// in my fetch method.
fetch(`https://api.github.com/users/${login}`)
.then(response => response.json())
.then(setData)
.catch(error => (console.log(error)));
This ended up being a permissions problem for me. I was trying to access a url I didn't have authorization for with cancan, so the url was switched to users/sign_in. the redirected url responds to html, not json. The first character in a html response is <.
In my case, I was getting this running webpack. It turned out to be corrupted somewhere in the local node_modules dir.
rm -rf node_modules
npm install
...was enough to get it working right again.
I experienced this error "SyntaxError: Unexpected token m in JSON at position", where the token 'm' can be any other characters.
It turned out that I missed one of the double quotes in the JSON object when I was using RESTconsole for DB test, as {"name: "math"}. The correct one should be {"name": "math"}.
It took me a lot effort to figure out this clumsy mistake. I am afraid others will run into similar issues.
This error occurs when you define the response as application/json and you are getting a HTML as a response. Basically, this happened when you are writing server side script for specific url with a response of JSON but the error format is in HTML.
Those who are using create-react-app and trying to fetch local json files.
As in create-react-app, webpack-dev-server is used to handle the request and for every request it serves the index.html. So you are getting
SyntaxError: Unexpected token < in JSON at position 0.
To solve this, you need to eject the app and modify the webpack-dev-server configuration file.
You can follow the steps from here.
I was facing the same issue.
I removed the dataType:'json' from the $.ajax method.
In a nutshell, if you're getting this error or a similar error, that means only one thing: Someplace in our codebase, we were expecting a valid JSON format to process, and we didn't get one. For example,
var string = "some string";
JSON.parse(string)
will throw an error, saying
Uncaught SyntaxError: Unexpected token s in JSON at position 0
Because, the first character in string is s & it's not a valid JSON now. This can throw error in between also. like:
var invalidJSON= '{"foo" : "bar", "missedquotehere : "value" }';
JSON.parse(invalidJSON)
Will throw error:
VM598:1 Uncaught SyntaxError: Unexpected token v in JSON at position 36
because we intentionally missed a quote in the JSON string invalidJSON at position 36.
And if you fix that:
var validJSON= '{"foo" : "bar", "missedquotehere" : "value" }';
JSON.parse(validJSON)
will give you an object in JSON.
This error can be thrown in any place & in any framework/library. Most of the time you may be reading a network response which is not valid JSON. So steps of debugging this issue can be like:
curl or hit the actual API you're calling.
Log/Copy the response and try to parse it with JSON.parse. If you're getting error, fix it.
If not, make sure your code is not mutating/changing the original response.
I my case the error was a result of me not assigning my return value to a variable. The following caused the error message:
return new JavaScriptSerializer().Serialize("hello");
I changed it to:
string H = "hello";
return new JavaScriptSerializer().Serialize(H);
Without the variable JSON is unable to properly format the data.
For future googlers:
This message will be generated if the server-side function crashes.
Or if the server-side function doesn't even exist ( i.e. Typo in function name ).
So - suppose you are using a GET request... and everything looks perfect and you've triple-checked everything...
Check that GET string one more time. Mine was:
'/theRouteIWant&someVar=Some value to send'
should be
'/theRouteIWant?someVar=Some value to send'
^
CrAsH ! ( ... invisibly, on the server ...)
Node/Express sends back the incredibly helpful message:
Uncaught (in promise) SyntaxError: Unexpected token < in JSON at position 0
In my case, for an Azure hosted Angular 2/4 site, my API call to mySite/api/... was redirecting due to mySite routing issues. So, it was returning the HTML from the redirected page instead of the api JSON. I added an exclusion in a web.config file for the api path.
I was not getting this error when developing locally because the Site and API were on different ports. There is probably a better way to do this ... but it worked.
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<rewrite>
<rules>
<clear />
<!-- ignore static files -->
<rule name="AngularJS Conditions" stopProcessing="true">
<match url="(app/.*|css/.*|fonts/.*|assets/.*|images/.*|js/.*|api/.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="None" />
</rule>
<!--remaining all other url's point to index.html file -->
<rule name="AngularJS Wildcard" enabled="true">
<match url="(.*)" />
<conditions logicalGrouping="MatchAll" trackAllCaptures="false" />
<action type="Rewrite" url="index.html" />
</rule>
</rules>
</rewrite>
</system.webServer>
</configuration>
2022 UPDATE: having written this several years ago. I'd call this suggestion more of a workaround - a direct fix. The better hosting pattern is to simply not try to host these api paths under your website path; rather, host them on separate base URLs entirely. For my use case example, the API and Web path would be entirely separate Azure Web Services and would get different URL endpoints.
My problem was that I was getting the data back in a string which was not in a proper JSON format, which I was then trying to parse it. simple example: JSON.parse('{hello there}') will give an error at h. In my case the callback url was returning an unnecessary character before the objects: employee_names([{"name":.... and was getting error at e at 0. My callback URL itself had an issue which when fixed, returned only objects.
On a general level this error occurs when a JSON object is parsed that has syntax errors in it. Think of something like this, where the message property contains unescaped double quotes:
{
"data": [{
"code": "1",
"message": "This message has "unescaped" quotes, which is a JSON syntax error."
}]
}
If you have JSON in your app somewhere then it's good to run it through JSONLint to verify that it doesn't have a syntax error. Usually this isn't the case though in my experience, it's usually JSON returned from an API that's the culprit.
When an XHR request is made to an HTTP API that returns a response with a Content-Type:application/json; charset=UTF-8 header which contains invalid JSON in the response body you'll see this error.
If a server-side API controller is improperly handling a syntax error, and it's being printed out as part of the response, that will break the structure of JSON returned. A good example of this would be an API response containing a PHP Warning or Notice in the response body:
<b>Notice</b>: Undefined variable: something in <b>/path/to/some-api-controller.php</b> on line <b>99</b><br />
{
"success": false,
"data": [{ ... }]
}
95% of the time this is the source of the issue for me, and though it's somewhat addressed here in the other responses I didn't feel it was clearly described. Hopefully this helps, if you're looking for a handy way to track down which API response contains a JSON syntax error I've written an Angular module for that.
Here's the module:
/**
* Track Incomplete XHR Requests
*
* Extend httpInterceptor to track XHR completions and keep a queue
* of our HTTP requests in order to find if any are incomplete or
* never finish, usually this is the source of the issue if it's
* XHR related
*/
angular.module( "xhrErrorTracking", [
'ng',
'ngResource'
] )
.factory( 'xhrErrorTracking', [ '$q', function( $q ) {
var currentResponse = false;
return {
response: function( response ) {
currentResponse = response;
return response || $q.when( response );
},
responseError: function( rejection ) {
var requestDesc = currentResponse.config.method + ' ' + currentResponse.config.url;
if ( currentResponse.config.params ) requestDesc += ' ' + JSON.stringify( currentResponse.config.params );
console.warn( 'JSON Errors Found in XHR Response: ' + requestDesc, currentResponse );
return $q.reject( rejection );
}
};
} ] )
.config( [ '$httpProvider', function( $httpProvider ) {
$httpProvider.interceptors.push( 'xhrErrorTracking' );
} ] );
More details can be found in the blog article referenced above, I haven't posted everything found there here as it's probably not all relevant.
Make sure that response is in JSON format otherwise fires this error.
I got the same error while calling an API in React using the fetch API with the POST method.
Before:
fetch('/api/v1/tour',{
method:"POST",
headers:{"Content-type":"json/application"},
body:JSON.stringify(info)
})
.then((response)=>response.json())
.then((json)=>{
if(json.status === 'success')
alert(json.message)
else
console.log('something went wrong :(')
}).catch(e=>console.log(e))
I resolved the error by changing the headers to {"Content-type":"application/json"}:
After:
fetch('/api/v1/tour',{
method:"POST",
headers:{"Content-type":"application/json"},
body:JSON.stringify(info)
})
.then((response)=>response.json())
.then((json)=>{
if(json.status === 'success')
alert(json.message)
else
console.log('something went wrong :(')
}).catch(e=>console.log(e))
I had the same error message following a tutorial. Our issue seems to be 'url: this.props.url' in the ajax call. In React.DOM when you are creating your element, mine looks like this.
ReactDOM.render(
<CommentBox data="/api/comments" pollInterval={2000}/>,
document.getElementById('content')
);
Well, this CommentBox does not have a url in its props, just data. When I switched url: this.props.url -> url: this.props.data, it made the right call to the server and I got back the expected data.
I hope it helps.
The possibilities for this error are overwhelming.
In my case, I found that the issue was adding the homepage filed in package.json caused the issue.
Worth checking: in package.json change:
homepage: "www.example.com"
to
hompage: ""
Malformed JSON or HTML instead of JSON is the underlying cause of this issue, as described by the other answers, however in my case I couldn't reliably replicate this error, as if the server was sometimes returning valid JSON, and other times returning something else like an HTML error page or similar.
In order to avoid it breaking the page altogether, I resorted to manually trying to parse the returned content, and share it in case it helps anyone else resolve it for them.
const url = "https://my.server.com/getData";
fetch(url).then(response => {
if (!response.ok) return; // call failed
response.text().then(shouldBeJson => { // get the text-only of the response
let json = null;
try {
json = JSON.parse(shouldBeJson); // try to parse that text
} catch (e) {
console.warn(e); // json parsing failed
return;
};
if (!json) return; // extra check just to make sure we have something now.
// do something with my json object
});
});
While this obviously doesn't resolve the root cause of the issue, it can still help to handle the issue a bit more gracefully and take some kind of reasonable action in instances when it fails.
For the React app made by CRA there are two main problems we might face while fetching the JSON data of any <dummy.json>
file.
I have my dummy.json file in my project and am trying to fetch the JSON data from that file but I got two errors:
"SyntaxError: Unexpected token < in JSON at position 0 .
I got an HTML file rather than actual JSON Data in the response in the Network tab in Chrome or any browser.
Here are the main two reasons behind that which solved my issue.
Your JSON data is invalid in your JSON file.
It might be that the JSON file did not load properly for this so you just restart your React server. This is my issue, within React.
React direct running or access the public folder not the src folder.
How I solved it:
I moved my file into the public folder and access is directly in any file of the src folder.
Making a REST call in the Redux action.js:
export const fetchDummy = ()=>{
return (dispatch)=>{
dispatch(fetchDummyRequest());
fetch('./assets/DummyData.json')
.then(response => {
if (!response.ok) {
throw new Error("HTTP error " + response.status);
}
return response.json();
})
.then(result => {
dispatch(fetchDummySuccess(result))
})
.catch(function (err) {
dispatch(fetchDummyFailure(err))
})
}
}
This might be old. But it just occurred in Angular where the content type for request and response were different in my code. So check headers for
let headers = new Headers({
'Content-Type': 'application/json',
**Accept**: 'application/json'
});
in React axios
axios({
method:'get',
url:'http:// ',
headers: {
'Content-Type': 'application/json',
Accept: 'application/json'
},
responseType:'json'
})
jQuery Ajax:
$.ajax({
url: this.props.url,
dataType: 'json',
**headers: {
'Content-Type': 'application/json',
Accept: 'application/json'
},**
cache: false,
success: function (data) {
this.setState({ data: data });
}.bind(this),
error: function (xhr, status, err) {
console.error(this.props.url, status, err.toString());
}.bind(this)
});
},
After spending a lot of time with this, I found out that in my case the problem was having "homepage" defined on my package.json file made my app not work on firebase (same 'token' error).
I created my react app using create-react-app, then I used the firebase guide on the READ.me file to deploy to github pages, realized I had to do extra work for the router to work, and switched to firebase. github guide had added the homepage key on package.json and caused the deploy issue.
Protip: Testing json on a local Node.js server? Make sure you don't already have something routing to that path
'/:url(app|assets|stuff|etc)';
For me, this happened when one of the properties on the object I was returning as JSON threw an exception.
public Dictionary<string, int> Clients { get; set; }
public int CRCount
{
get
{
var count = 0;
//throws when Clients is null
foreach (var c in Clients) {
count += c.Value;
}
return count;
}
}
Adding a null check, fixed it for me:
public Dictionary<string, int> Clients { get; set; }
public int CRCount
{
get
{
var count = 0;
if (Clients != null) {
foreach (var c in Clients) {
count += c.Value;
}
}
return count;
}
}
just something basic to check, make sure you dont have anything commented out in the json file
//comments here will not be parsed and throw error
In python you can use json.Dump(str) before send result to html template.
with this command string convert to correct json format and send to html template. After send this result to JSON.parse(result) , this is correct response and you can use this.
For some, this may help you guys:
I had a similar experience with Wordpress REST API. I even used Postman to check if I had the correct routes or endpoint. I later found out that I accidentally put an "echo" inside my script - hooks:
Debug & check your console
Cause of the error
So basically, this means that I printed a value that isn't JSON that is mixed with the script that causes AJAX error - "SyntaxError: Unexpected token r in JSON at position 0"
In my case (backend), I was using res.send(token);
Everything got fixed when I changed to res.send(data);
You may want to check this if everything is working and posting as intended, but the error keeps popping up in your front-end.
In my Case there was problem with "Bearer" in header ideally it should be "Bearer "(space after the end character) but in my case it was "Bearer" there was no space after the character. Hope it helps some one!
I have a site that is loading image tiles from openstreetmap.
These images are served out from a number of sub-domains of openstreetmap.org, such as:
a.tile.openstreetmap.org
b.tile.openstreetmap.org
c.tile.openstreetmap.org
To allow this I added an img-src to my Content-Security-Policy *.openstreetmap.orgso that all subdomains should be valid.
The full img-src now reads:
img-src https: data: *.openstreetmap.org;
And for the sake of completeness the full Content-Security-Policy is:
default-src 'self'; script-src https: 'unsafe-inline' 'unsafe-eval'; style-src https: 'unsafe-inline'; img-src https: data: *.openstreetmap.org;
This seems to work as intended when the site first loads, and the page containing the maps is navigated to. There are actually multiple pages containing maps and both work.
However upon the user hitting "Refresh" the following errors occur:
Refused to connect to 'https://a.tile.openstreetmap.org/12/2011/1356.png' because it violates the document's Content Security Policy.
GET https://a.tile.openstreetmap.org/12/2010/1355.png net::ERR_FAILED
If I open Chrome dev tools and use the "Right Click on Refresh" -> "Empty Cache and Hard Reload" option to reload the page, then the image tiles load again, but only once subsequent "normal" refreshes produce the same error.
This site is using a 'serviceworker.js' and the locally servered pages are cached, but the tiles from openstreetmap.org are not. I have however manually emptied this cache, and verified that the cached versions have the correct Content-Security-Policy, so maybe the existence of the serviceworker.js is a misnomer.
EDIT 1
Posting the question made me investigate the serviceworker.js further. I removed it, and the issue was no longer present. Reinstating the service worker brought the issue back. So that is the cause.
There is nothing from openstreetmap.org in the Application cache.
EDIT 2
Further investigation has tracked down the cause, but has got me no closer to the solution. The first load works as my 'serviceworker.js' is operating on a cache-first, then network basis. So the first load theres no cache. Subsequent loads there is a cache, but the images from openstreetmap.org aren't in it.
The relevant section is:
self.addEventListener('fetch', function (event) {
event.respondWith(
// cache first then network
// but not for different origin calls, this includes API
caches.open("my-cache-" + self.sw_version)
.catch((msg) => { console.log("caches.open(): ", msg); })
.then(cache => {
return cache.match(event.request)
.catch((msg) => { console.log("cache.match(): ", msg); })
.then(response => {
return response || fetch(event.request)
.catch((msg) => { console.log("fetch(event.request): ", msg); })
.then(response => {
// if it was from a differnt origin - simply return it
if (!event.request.url.match(event.request.referrer))
return response;
console.log("ServiceWorker.caching: ", event.request.url);
cache.put(event.request, response.clone());
return response;
});
});
})
);
});
Which has identified the problem as being when the service worker makes the fetch() request after not finding it in the cache.
fetch(event.request): TypeError: Failed to fetch
Which implies that the fetch() from within the serviceworker.js isn't using the correct Content-Security-Policy, but is using one that the request violates..
The network tab of the dev tools, is showing this for the request / response..
Request
Request URL: https://b.tile.openstreetmap.org/12/2011/1355.png
Referrer Policy: no-referrer-when-downgrade
Response
Origin: https://localhost:9443
Referer: https://localhost:9443/my-app/?
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/76.0.3809.132 Safari/537.36
Edit 3
Forcing the fetch() to use the same Content-Security-Policy by explicitly setting it allowed the request to work. But this is a hackey fix, as its now declared in two places (the website as a whole, and in the serviceworker.js) so if there is a "proper" fix, or even just an explanation as to why this is required, I would still be interested.
Edit 4
I've come back to this today to have another stab.
I realized that there was an issue with my checking for remote urls - I was passing the referrer URL to the match function unescaped so it wasn't behaving as expected. I've corrected that now, and moved some code around to make it clearer (to myself).
self.addEventListener('fetch', function (event) {
// https://stackoverflow.com/a/6969486 - escape a string to use in regex
if (!event.request.url.match(event.request.referrer.replace(/[-[\]/{}()*+?.\\^$|]/g, '\\$&'))) {
fetch(event.request)
.catch((msg) => { console.log("fetch(event.request).remoteorigin: ", { event: event, error: msg }); })
.then(response => {
return response;
});
}
else {
event.respondWith(
// cache first then network
// but not for different origin calls, this includes API
caches.open("crt-scada-" + self.sw_version)
.catch((msg) => { console.log("caches.open(): ", msg); })
.then(cache => {
return cache.match(event.request)
.catch((msg) => { console.log("cache.match(): ", msg); })
.then(response => {
return response || fetch(event.request)
.catch((msg) => { console.log("fetch(event.request).sameorigin: ", { event: event, error: msg }); })
.then(response => {
cache.put(event.request, response.clone());
return response;
});
});
})
);
}
});
Now I have the weird situation where it reports the same error - but also loads the tiles from openstreetmap.
Any advice on why this might be happening would be gratefully accepted.
I am developing a Chrome extension which makes requests from certain websites to an API I control. Until Chrome 73, the extension worked correctly. After upgrading to Chrome 73, I started getting the following error:
Cross-Origin Read Blocking (CORB) blocked cross origin response
http://localhost:3000/api/users/1 with MIME type application/json
According to Chrome's documentation on CORB, CORB will block the response of a request if all of the following are true:
The resource is a "data resource". Specifically, the content type is HTML, XML, JSON
The server responds with an X-Content-Type-Options: nosniff header, or if this header is omitted, Chrome detects the content type is one of HTML, XML, or JSON from inspecting the file
CORS does not explicitly allow access to the resource
Also, according to "Lessons from Spectre and Meltdown" (Google I/O 2018), it seems like it may be important to add mode: cors to fetch invocations, i.e., fetch(url, { mode: 'cors' }).
To try to fix this, I made the following changes:
First, I added the following headers to all responses from my API:
Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST
Access-Control-Allow-Origin: https://www.example.com
Second, I updated my fetch() invocation on the extension to look like this:
fetch(url, { credentials: 'include', mode: 'cors' })
However, these changes didn't work. What can I change to make my request not be blocked by CORB?
Based on the examples in "Changes to Cross-Origin Requests in Chrome Extension Content Scripts", I replaced all invocations of fetch with a new method fetchResource, that has a similar API, but delegates the fetch call to the background page:
// contentScript.js
function fetchResource(input, init) {
return new Promise((resolve, reject) => {
chrome.runtime.sendMessage({input, init}, messageResponse => {
const [response, error] = messageResponse;
if (response === null) {
reject(error);
} else {
// Use undefined on a 204 - No Content
const body = response.body ? new Blob([response.body]) : undefined;
resolve(new Response(body, {
status: response.status,
statusText: response.statusText,
}));
}
});
});
}
// background.js
chrome.runtime.onMessage.addListener(function(request, sender, sendResponse) {
fetch(request.input, request.init).then(function(response) {
return response.text().then(function(text) {
sendResponse([{
body: text,
status: response.status,
statusText: response.statusText,
}, null]);
});
}, function(error) {
sendResponse([null, error]);
});
return true;
});
This is the smallest set of changes I was able to make to my app that fixes the issue. (Note, extensions and background pages can only pass JSON-serializable objects between them, so we cannot simply pass the Fetch API Response object from the background page to the extension.)
Background pages are not affected by CORS or CORB, so the browser no longer blocks the responses from the API.
See https://www.chromium.org/Home/chromium-security/extension-content-script-fetches
To improve security, cross-origin fetches from content scripts are disallowed in Chrome Extensions since Chrome 85. Such requests can be made from extension background script instead, and relayed to content scripts when needed.
You can do that to avoid Cross-Origin.
Old content script, making a cross-origin fetch:
var itemId = 12345;
var url = "https://another-site.com/price-query?itemId=" +
encodeURIComponent(request.itemId);
fetch(url)
.then(response => response.text())
.then(text => parsePrice(text))
.then(price => ...)
.catch(error => ...)
New content script, asking its background page to fetch the data instead:
chrome.runtime.sendMessage(
{contentScriptQuery: "queryPrice", itemId: 12345},
price => ...);
New extension background page, fetching from a known URL and relaying data:
chrome.runtime.onMessage.addListener(
function(request, sender, sendResponse) {
if (request.contentScriptQuery == "queryPrice") {
var url = "https://another-site.com/price-query?itemId=" +
encodeURIComponent(request.itemId);
fetch(url)
.then(response => response.text())
.then(text => parsePrice(text))
.then(price => sendResponse(price))
.catch(error => ...)
return true; // Will respond asynchronously.
}
});
Allow the URL in manifest.json (more info):
ManifestV2 (classic): "permissions": ["https://another-site.com/"]
ManifestV3 (upcoming): "host_permissions": ["https://another-site.com/"]
Temporary solution: disable CORB with run command browser
--disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating
Example run command on Linux.
For Chrome:
chrome %U --disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating
For Chromium:
chromium-browser %U --disable-features=CrossSiteDocumentBlockingAlways,CrossSiteDocumentBlockingIfIsolating
Similar question.
Source.