I need to make a cross domain request from a script that runs in firefox (it's just for development purposes).
Can this be achieved? maybe modifying the about:config keys?
Thanks!
views:
540answers:
8
A:
I do not believe you can, since there is nothing to gain from disabling this other than a security risk. But you can do it using AJAX (XMLHttpRequest).
Dr Hydralisk
2010-03-09 17:31:44
-1 You can't use XHR on another domain, that is a violation of the same origin policy, read the google browser handbook.
Rook
2010-03-09 17:34:31
Ah, my bad, I was thinking same origin policy and xss when I read the title.
Dr Hydralisk
2010-03-09 21:03:13
firefox (>=3.5) does implement Cross-Origin Resource Sharing draft, so you can
arjan
2010-07-22 18:45:55
+1
A:
The Same Origin Policy applies to all browsers. Using javascript you can send GET and POST requests, but you will not be able to read the response like you can with XHR. XHR's can only be done against the domain the script is executing from. This is an important rule as it prevents wide spread Cross Site Request Forgery(CSRF) vulnerabilities.
You can use flash with a crossdomain.xml file and I think this is the most robust solution because it will do exactly what you need and have the best browser compatibility.
EDIT: If you want specifically JavaScript running on Firefox to bypass the Same Origin Policy then you can build a custom add-on. Or perhaps the Cross Domain add-on will do what you need.
Rook
2010-03-09 17:33:39
I do not need browser compatibility. That's why I specified that I need this on FF only. Thanks anyway
Pablo Fernandez
2010-03-09 17:49:30
+3
A:
There is a great post by James Padolsey on how to to cross domain requests using jQuery, But the post also has very good resources. There need to be some tweaking to be done on the other server to allow cross domain calls using crossdomain.xml
Teja Kantamneni
2010-03-09 17:37:05
+2
A:
For a while this subject intrigued me..
I have't tested, but it is likely this solution can do the job using a CSS request relying on Server side support
Fabiano PS
2010-03-09 18:00:07
That is very cool! Still is a little restrict since it don't support all firefox versions and require sites to be compliant to this policy. Awesome info :)
Fabiano PS
2010-03-09 20:09:06
A:
A little late, but thought I'd post the info here anyway;
I didn't fully read the links in everyone's answers, but I had a quick look and I didn't see that anyone mentioned using the PrivilegeManager - Bypassing Security Restrictions and Signing Code. Using this you can have your FireFox JavaScript app invoke a request for extended security privileges in the browser, including cross domain XHR.
Dean Burge
2010-03-16 13:29:41
A:
As mentioned by 'The Rook', you can use Flash to do cross-domain requests provided that the server you're talking to serves an XML policy file granting your server access. If you control both servers that should be easy enough to accomplish.
If you don't want to write any Flash code yourself or if you want to be able to do cross-domain over SSL/TLS check out the opensource Forge project:
dlongley
2010-07-22 18:35:25