Getting HTTP 405 from a Chrome extension?

I recently spent some time pulling my hair at a Chrome extension problem, and it turned out to be something rather silly.

I was attempting to do AJAX requests from an extension to a test local REST service, which I’d written in Clojure using Liberator. GET requests did get to the server, POST didn’t. In either case, however, the extension did not get a reply, and Chrome just reported that it was returning a method not allowed because the resource didn’t have an Access-Control-Allow-Origin header.

This was very odd. First, why would Liberator not fail on GETs at all? Liberator should only return 405 when the request method is not allowed - when did this change, if ever? And then, even if it was a Liberator configuration issue, why would I be able to successfully make requests to it using HTTPie from a terminal?

There was lots of fumbling involved, including returning the header along with the ring response, but I’ll save you the headache. The solution was much simpler.

The extension was missing the permission to talk to http://localhost:3000/ where the service was running.

Don’t ask me why the obscure error message, or why does Chrome 45.0.2454.101 still allow GET requests to go out only to then apparently force a 405 before giving the extension the response. If you’re getting a 405 on requests from a Chrome extension, make sure you have the right site on the permissions.

Author

...
Ricardo J. Méndez