To all userscript developers.
Tampermonkey beta now supports @connect and when it's absent an obscure confirmation page is displayed by Tampermonkey where it's not that easy to decide what to click for a user who doesn't know about these security specifics, especially in the limited amount of time the page is displayed. This may lead to an automatic blocking of XHR for the userscript, and it's not something that can be undone easily by a non-savvy user.
To fix this you should update your userscripts that use GM_xmlhttpRequest:
when the userscript fetches only from a few known domains:
// @connect domain1.com // @connect domain2.com // @connect sub.domain3.com // @connect *.domain4.com
// @connect self to whitelist the current URL
// @connect none to prevent loading resources from any source.
otherwise allow everything:
// @connect *
Quote from the documentation:
If it's not possible to declare all domains a userscript might connect to then it's a good practice to do the following: declare all known or at least all common domains that might be connected by the script. This way the confirmation dialog can be avoided for most of the users.
@connect *to the script. By doing so Tampermonkey will still ask the user whether the next connection to a not mentioned domain is allowed, but also offer a "Always allow all domains" button. If the user clicks at this button then all future requests will be permitted automatically.
Users can also whitelist all requests by adding '*' to the user domain whitelist.