Cross origin request warning from Tampermonkey - ccloli/E-Hentai-Downloader GitHub Wiki

Updated on Feb 01 2016: Tampermonkey now supports the wildcard * as a value of @connect, so when you receive a warning like this, click the "Always allow all domains" button and you are done. If you don't see the button, follow the steps below, or upgrade Tampermonkey to v4.0.5047 and E-Hentai Downloader to 1.18.8.

Warning message from Tampermonkey


**Note: The solution below is for Tampermonkey versions earlier than v4.0.5047.**

If you are using the latest Tampermonkey Beta, or you received a warning from Tampermonkey like the one shown above saying "A userscript wants to access a cross-origin resource", allow all the requests and turn off "@connect-src mode" on the settings page.


What's up?

Tampermonkey added a new metadata entry named @connect-src, which defines the cross-origin URLs that the script can access with GM_xmlhttpRequest.

It's a good way to make scripts safer for users. However, according to the documentation, only explicitly specified domains are allowed, and wildcard URLs like http://* are not accepted. As we know, E-Hentai uses H@H to reduce server load, and most content is downloaded from computers that have H@H installed (much like P2P), so the hosts serving the images cannot be known in advance and listed. That means there is no way to set a suitable @connect-src value.
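
The allowlist behaviour described above, as an added example that is not part of the original wiki page or of Tampermonkey's code: a simplified model of the check, assuming an entry matches its own host and its subdomains and that `*` matches any host. The script headers, `example.org` and the peer address are constructed placeholders.

```javascript
// Simplified model of the allowlist check; not Tampermonkey's actual code.
// Assumed matching rules: an entry matches its own host and any subdomain,
// and "*" matches every host.

// Collect @connect / @connect-src values from a userscript metadata block.
function parseConnect(source) {
  const block = source.match(/\/\/ ==UserScript==([\s\S]*?)\/\/ ==\/UserScript==/);
  if (!block) return [];
  const entries = [];
  for (const line of block[1].split('\n')) {
    const m = line.match(/^\s*\/\/\s*@connect(?:-src)?\s+(\S+)/);
    if (m) entries.push(m[1].toLowerCase());
  }
  return entries;
}

// Decide whether a request URL falls inside the declared allowlist.
function isAllowed(entries, url) {
  let host;
  try {
    host = new URL(url).hostname.toLowerCase();
  } catch (e) {
    return false; // unparsable URL: deny
  }
  return entries.some((entry) =>
    entry === '*' || host === entry || host.endsWith('.' + entry));
}

// Constructed sample headers; names and hosts are placeholders.
const strictScript = [
  '// ==UserScript==',
  '// @name     Example downloader',
  '// @grant    GM_xmlhttpRequest',
  '// @connect  example.org',
  '// ==/UserScript==',
].join('\n');
const wildcardScript = strictScript.replace('@connect  example.org', '@connect  *');

// Constructed peer-hosted image URL (documentation-range IP address).
const peerUrl = 'http://203.0.113.7:8080/image/0001.jpg';

for (const [label, src] of [['fixed host', strictScript], ['wildcard', wildcardScript]]) {
  const entries = parseConnect(src);
  console.log(label, entries, 'peer allowed:', isAllowed(entries, peerUrl));
}
```

With a fixed host list the peer URL is rejected because its host cannot be declared ahead of time; with `*` the list accepts every host, so it no longer restricts where the script can send requests.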

In Tampermonkey Beta (4.0.5008 in my case), @connect-src checking is enabled by default, so you will see a warning like the one in the image. The check still has some bugs, so when you see the warning, please DON'T choose "Deny" or close the tab. If you deny or close it, E-Hentai Downloader will not run correctly: it cannot download images, it only receives "Forbidden", or the script may even be deleted (probably a bug in Tampermonkey). There is no management panel right now, so you cannot change the setting.

What should I do?

If you see the warning, close all download pages and choose "Allow" in all warning tabs immediately. Then right-click the "Tampermonkey" icon beside the address bar and choose "Options...". On the Tampermonkey options page, switch to the "Setting" tab and, under General, set "Config mode" to "Advanced". Then scroll to the Security section and set "@connect-src mode" to "Off".

Tampermonkey setting example

If you choose "Deny", close the tab, or don't choose an answer, the script will not be allowed to download images, temporarily or permanently. You can try the steps above to turn off @connect-src mode, but if it still doesn't work, or the script is gone, delete the script and reinstall it. If it still doesn't work, back up all your scripts and reset Tampermonkey if required.