[SOLVED] @connect tag not working in TamperMonkey/Chrome?

@connect tag not working in TamperMonkey/Chrome?

I have an issue similar to this one, except—as far as I can tell—my directives are correct as per the answer on that question.

My header is as follows:

// ==UserScript==
// @name         My Userscript
// @namespace    com.example.my-userscript
// @version      0.2.14
// @description  Do things
// @author       Doktor J
// @match        https://example.com/index.php?id=*
// @icon         https://www.google.com/s2/favicons?sz=64&domain=example.com
// @require      https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
// @require      https://example.org/path/jquery-csv.min.js
// @license      Mozilla Public License 2.0
// @grant        GM_addStyle
// @grant        GM_xmlhttpRequest
// @connect      example.org
// ==/UserScript==

However, when I call the following:

GM_xmlhttpRequest({
    method: "GET",
    url: "https://example.org/path/data.csv",
    onload: function (response) {
        console.log(response.status);
        myData = $.csv.toObjects(response.responseText);
    }
});

I still get the following error:

VM122:10 injected: Refused to connect to "https://example.org/path/data.csv": URL is not permitted

Solution

Fun fact, apparently when you don't have the @connect tag and that warning dialog comes up, if you don't respond quickly enough it blacklists the URL, and the blacklist appears to override the @connect directive.

If this happens:

go to your userscript in Tampermonkey, go to its "Settings" sub-tab (in the left-aligned tab bar below the main Tampermonkey tab bar, otherwise you'll end up in the Tampermonkey settings rather than your userscript's settings).
Scroll down to "XHR Security" and check the "User domain blacklist" box
Select your newly-blacklisted domain in there and click "Remove"