GM_xmlhttpRequest in chrome?
https://stackoverflow.com/questions/4201123
-
25-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
When I try to use this in chrome to access a simple API I wrote, it throws this error:
XMLHttpRequest cannot load http://67.19.91.186/~needsed/api/get/ZEZrBZYIynQ. Origin http://bestofyoutube.com is not allowed by Access-Control-Allow-Origin.
From the reading I've been doing, it looks like it's an issue with XSS. Is it really impossible to access APIs in chrome?
OTHER TIPS
The TamperMonkey extension provides a fully functioning Greasemonkey API, including cross-domain GM_xmlhttpRequest.
https://chrome.google.com/extensions/detail/dhdgffkkebhmkfjojejmpbldmpobfkfo
The Black Canvas Script Handler extension does the same, with an improved GUI:
https://chrome.google.com/extensions/detail/pipnnjjknlabchljabhmnpdfpdobpnkk
A solution of my own was to simulate GM XHR requests via a JSONP proxy:
http://hwi.ath.cx/javascript/xhr_via_json/
As well as requiring the proxy, it also opens a security hole, because the callback function must be embedded in unsafeWindow. But at least it doesn't require the user to install any extra extensions!
Let's hope they get around to supporting it for 2011. :)
