How do I allow Cross-Origin Requests from greasemonkey scripts in Firefox?

Question

I'm developing a Greasemonkey script that implements a couple of tools onto a webpage. This script makes a request for data from

http://localhost/chess/heartbeat.php 

Now currently in Firefox I am getting this console error which totally stops my jQuery AJAX request for data.

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at

http://localhost/chess/heartbeat.php.

This can be fixed by moving the resource to the same domain or enabling CORS.

I am able to work around this using Google Chrome. When I have it as a simple browser extension for chrome, I'm able to have it do the same thing as Greasemonkey and I can add the following permissions to the manifest file for the plugin which allows me to make the same data request which Firefox blocked:

"permissions": [
    "<all_urls>"
  ]

Anyway, this works on chrome, but I want to achieve the same effect on Firefox. I've been researching this issue and I can't find a simple answer.

Answer 1

Normally XMLHttpRquest, and that includes jQuery's higher-level API around it, does not allow unrestricted cross-site requests but is limited by the same-origin policy and CORS.

As @epascarello already pointed out, you may use GM.xmlHttpRequest which allows you to perform any cross-site XHR even when the server does not implement CORS or allows the origin site. It also comes with some other goodies.

You should add a @grant GM.xmlHttpRequest metadata block to your user script or your script may break in the future.

Since you mentioned Chrome extensions: Firefox extensions can perform cross-site XHR as well. e.g. most user scripts should be easily portable to an SDK add-on using PageMod and enabling certain permissions analog to what you'd do in a Chrome extension.