GM_xmlhttpRequest in Chrome?
When I try to use this in Chrome to access a simple API I wrote, it throws this error:
XMLHttpRequest cannot load http://67.19.91.186/~needsed/api/get/ZEZrBZYIynQ. Origin http://bestofyoutube.com is not allowed by Access-Control-Allow-Origin.
From the reading I've been doing, it looks like it's an issue with XSS. Is it really impossible to access APIs in Chrome?
Comments (2)
That's correct. According to the issue, they're planning to do it, though.
In the meantime, you can instead use an extension.
The TamperMonkey extension provides a fully functioning Greasemonkey API, including cross-domain GM_xmlhttpRequest.
https://chrome.google.com/extensions/detail/dhdgffkkebhmkfjojejmpbldmpobfkfo
The Black Canvas Script Handler extension does the same, with an improved GUI:
https://chrome.google.com/extensions/detail/pipnnjjknlabchljabhmnpdfpdobpnkk
A solution of my own was to simulate GM XHR requests via a JSONP proxy:
http://hwi.ath.cx/javascript/xhr_via_json/
As well as requiring the proxy, it also opens a security hole, because the callback function must be embedded in unsafeWindow. But at least it doesn't require the user to install any extra extensions!
Let's hope they get around to supporting it for 2011. :)
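The error quoted in the question is the browser's CORS check failing, and because the asker controls the API, the server can grant access to the calling origin itself. The following is an added example (not from the thread) of an exact-match origin allow-list; `ALLOWED_ORIGINS`, `corsHeaders` and `handle` are illustrative names, and the JSON body is a placeholder.

```javascript
// Added example: CORS decision logic for an API like the one in the question.
// ALLOWED_ORIGINS, corsHeaders() and handle() are illustrative names.
const ALLOWED_ORIGINS = new Set(["http://bestofyoutube.com"]);

// Returns the response headers to add for a request, given its method and
// request headers (lower-cased keys, as Node's http module provides them).
function corsHeaders(method, reqHeaders) {
  const headers = { Vary: "Origin" }; // caches must key responses on Origin
  const origin = reqHeaders["origin"];
  // Exact string match only: no substring or regex tests, no echoing of
  // arbitrary origins, and no "*" that would open the API to every site.
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return headers;
  headers["Access-Control-Allow-Origin"] = origin;
  if (method === "OPTIONS" && reqHeaders["access-control-request-method"]) {
    // Preflight request: advertise only what the API actually supports.
    headers["Access-Control-Allow-Methods"] = "GET";
    headers["Access-Control-Max-Age"] = "600";
  }
  return headers;
}

// Handler with the (req, res) shape used by Node's http.createServer.
function handle(req, res) {
  const headers = corsHeaders(req.method, req.headers);
  if (req.method === "OPTIONS") {
    res.writeHead(204, headers);
    return res.end();
  }
  headers["Content-Type"] = "application/json";
  res.writeHead(200, headers);
  res.end(JSON.stringify({ ok: true })); // placeholder response body
}
```

With the header present, the page-context XMLHttpRequest succeeds without a JSONP callback exposed on unsafeWindow.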