javascript 如何在 Firefox 中允许来自greasemonkey 脚本的跨域请求?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/24688294/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I allow Cross-Origin Requests from greasemonkey scripts in Firefox?
提问by user3810422
I'm developing a Greasemonkey script that implements a couple of tools onto a webpage. This script makes a request for data from
我正在开发一个 Greasemonkey 脚本,它在网页上实现了几个工具。此脚本请求来自
http://localhost/chess/heartbeat.php
Now currently in Firefox I am getting this console error which totally stops my jQuery AJAX request for data.
现在在 Firefox 中,我收到此控制台错误,这完全停止了我的 jQuery AJAX 数据请求。
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at
跨域请求被阻止:同源策略不允许在以下位置读取远程资源
http://localhost/chess/heartbeat.php.
This can be fixed by moving the resource to the same domain or enabling CORS.
这可以通过将资源移动到同一域或启用 CORS 来解决。
I am able to work around this using Google Chrome. When I have it as a simple browser extension for chrome, I'm able to have it do the same thing as Greasemonkey and I can add the following permissions to the manifest file for the plugin which allows me to make the same data request which Firefox blocked:
我可以使用 Google Chrome 解决这个问题。当我将它作为一个简单的 chrome 浏览器扩展时,我可以让它做与 Greasemonkey 相同的事情,我可以将以下权限添加到插件的清单文件中,这允许我发出与 Firefox 相同的数据请求阻止:
"permissions": [
"<all_urls>"
]
Anyway, this works on chrome, but I want to achieve the same effect on Firefox. I've been researching this issue and I can't find a simple answer.
无论如何,这适用于 chrome,但我想在 Firefox 上实现相同的效果。我一直在研究这个问题,但找不到简单的答案。
回答by nmaier
Normally XMLHttpRquest, and that includes jQuery's higher-level API around it, does not allow unrestricted cross-site requests but is limited by the same-origin policy and CORS.
通常XMLHttpRquest,包括围绕它的 jQuery 的更高级别的 API,不允许不受限制的跨站点请求,但受同源策略和CORS 的限制。
As @epascarello already pointed out, you may use GM_xmlhttpRequest(Scriptish) which allows you to perform any cross-site XHR even when the server does not implement CORS or allows the origin site. It also comes with some other goodies.
正如@epascarello 已经指出的那样,您可以使用GM_xmlhttpRequest(Scriptish),即使服务器没有实现 CORS 或允许源站点,它也允许您执行任何跨站点 XHR。它还带有其他一些好东西。
You should add a @grant GM_xmlhttpRequestmeta data block to your user script, or your script may break in the future.
您应该将@grant GM_xmlhttpRequest元数据块添加到您的用户脚本中,否则您的脚本将来可能会中断。
Since you mentioned Chrome extensions: Firefox extensions can perform cross-site XHR as well.
E.g. most user scripts should be easily portable to an SDK add-on using PageModand enabling certain permissionsanalog to what you'd do in a Chrome extension.
既然你提到了 Chrome 扩展:Firefox 扩展也可以执行跨站点 XHR。例如,大多数用户脚本应该可以很容易地移植到 SDK 插件中,使用PageMod和启用某些类似于您在 Chrome 扩展程序中所做的权限。
