Reputation: 9915
GM_xmlhttpRequest in chrome?
When I try to use this in chrome to access a simple API I wrote, it throws this error:
XMLHttpRequest cannot load http://67.19.91.186/~needsed/api/get/ZEZrBZYIynQ. Origin http://bestofyoutube.com is not allowed by Access-Control-Allow-Origin.
From the reading I've been doing, it looks like it's an issue with XSS. Is it really impossible to access APIs in chrome?
Upvotes: 4
Views: 3660
Answers (2)
Reputation: 31265
The TamperMonkey extension provides a fully functioning Greasemonkey API, including cross-domain GM_xmlhttpRequest.
https://chrome.google.com/extensions/detail/dhdgffkkebhmkfjojejmpbldmpobfkfo
The Black Canvas Script Handler extension does the same, with an improved GUI:
https://chrome.google.com/extensions/detail/pipnnjjknlabchljabhmnpdfpdobpnkk
A solution of my own was to simulate GM XHR requests via a JSONP proxy:
http://hwi.ath.cx/javascript/xhr_via_json/
As well as requiring the proxy, it also opens a security hole, because the callback function must be embedded in unsafeWindow. But at least it doesn't require the user to install any extra extensions!
Let's hope they get around to supporting it for 2011. :)
Upvotes: 2
Reputation: 284796
That's correct. According to the issue, they're planning to do it, though.
In the mean time, you can instead use an extension.
Upvotes: 2
Related Questions
- Use GM_xmlhttpRequest to POST data on Chrome?
- How to use GM_xmlhttpRequest in Injected Code?
- GM.xmlHttpRequest : Could not understand the URL
- GM.xmlHttpRequest: Received no URL Error
- GM_xmlhttpRequest breaks script
- Chrome XMLHttpRequest reference
- How to call GM_xmlhttpRequest within a webpage?
- Google Chrome extension with custom XMLHttpRequest
- XMLHttpRequest for chrome-extension protocol
- Fetching xml with GM_xmlhttpRequest