When I try to use this in chrome to access the simple API that I wrote, it throws this error:
XMLHttpRequest cannot load http://67.19.91.186/~needsed/api/get/ZEZrBZYIynQ. Origin http://bestofyoutube.com is not allowed by Access-Control-Allow-Origin.
From the reading I did, it looks like this is a problem with XSS. Is it really impossible to access the API in chrome?
It is right. According to issue , they plan to do this.
At the same time, you can use extension .
The TamperMonkey extension provides a fully functioning Greasemonkey API, including the cross-domain GM_xmlhttpRequest.
https://chrome.google.com/extensions/detail/dhdgffkkebhmkfjojejmpbldmpobfkfo
The Black Canvas Script handler extension does the same with the enhanced GUI:
https://chrome.google.com/extensions/detail/pipnnjjknlabchljabhmnpdfpdobpnkk
My solution was to simulate GM XHR requests through a JSONP proxy:
http://hwi.ath.cx/javascript/xhr_via_json/
In addition to requiring a proxy server, it also opens a security hole, since the callback function must be built into unsafeWindow. But at least it does not require the user to install any additional extensions!
Let's hope they help support him in 2011. :)