Cross-origin XHR from a user script in Google Chrome

Question

Has anybody had any luck performing cross origin XHRs from a user script in Google Chrome? The requests go through to the server (I can see them in the logs) but, the

Answer 1

Current versions of Chrome (13.0.781 or later) now support most or all of the GM_xmlhttpRequest()Doc functionality -- including cross-domain requests.
See Issue 18857: Support cross-site XMLHttpRequest in content scripts.

So this script works perfectly fine now on Chrome (and Firefox, of course):

// ==UserScript==
// @name            _Cross domain (XSS) GM_xmlhttpRequest, Chrome too
// @include         http://stackoverflow.com/*
// @grant           GM_xmlhttpRequest
// ==/UserScript==

GM_xmlhttpRequest ( {
    method:     "GET",
    url:        "http://www.google.com/",
    onload:     function (response) {
                    console.log (   response.status,
                                    response.responseText.substring (0, 80)
                                );
                }
} );

(Install that script, then browse any SO page. The script will write the first 80 characters of the Google home page to the console.)

Answer 2

As of Chrome 13, you can do cross origin requests in Content Scripts if you included the permission to the website in the manifest.

A user script in Chrome is a content script. Content scripts cannot make cross-origin XHRs. If you wish to do cross-origin XHRs, it should be done in the extension pages (background, popup, options).

For more info: http://code.google.com/chrome/extensions/content_scripts.html http://code.google.com/chrome/extensions/xhr.html