Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Cross-origin XHR from a user script in Google Chrome

Has anybody had any luck performing cross origin XHRs from a user script in Google Chrome? The requests go through to the server (I can see them in the logs) but, the readystatechanged event is never fired.

Extension permissions don't seem to be doing the trick. Neither is JSONP.

like image 613
Pranav Avatar asked Dec 20 '09 19:12

Pranav


2 Answers

Current versions of Chrome (13.0.781 or later) now support most or all of the GM_xmlhttpRequest()Doc functionality -- including cross-domain requests.
See Issue 18857: Support cross-site XMLHttpRequest in content scripts.

So this script works perfectly fine now on Chrome (and Firefox, of course):

// ==UserScript==
// @name            _Cross domain (XSS) GM_xmlhttpRequest, Chrome too
// @include         http://stackoverflow.com/*
// @grant           GM_xmlhttpRequest
// ==/UserScript==

GM_xmlhttpRequest ( {
    method:     "GET",
    url:        "http://www.google.com/",
    onload:     function (response) {
                    console.log (   response.status,
                                    response.responseText.substring (0, 80)
                                );
                }
} );


(Install that script, then browse any SO page. The script will write the first 80 characters of the Google home page to the console.)

like image 90
Brock Adams Avatar answered Sep 17 '22 12:09

Brock Adams


As of Chrome 13, you can do cross origin requests in Content Scripts if you included the permission to the website in the manifest.

A user script in Chrome is a content script. Content scripts cannot make cross-origin XHRs. If you wish to do cross-origin XHRs, it should be done in the extension pages (background, popup, options).

For more info: http://code.google.com/chrome/extensions/content_scripts.html http://code.google.com/chrome/extensions/xhr.html

like image 25
Mohamed Mansour Avatar answered Sep 17 '22 12:09

Mohamed Mansour