views:

59

answers:

2

I am working on a Firefox extension that will involve ajax calls to domains that would normally fail due to the same-origin policy set by Firefox (and most modern browsers).

I was wondering if there is a way to either turn off the same-origin restriction (in about:config, perhaps) or if there was a standard lite-browser that developers turn to for this.

I really would like to avoid using any blackhat tools, if possible. Not because I'm against them, I just don't want to add another learning curve to the process.

I can use curl in PHP to confirm that the requests work, but I want to get started on writing the js that the addon will actually use, so I need a client that will execute js.

I also tried spidermonkey, but since I'm doing the ajax with jquery, it threw a fit at all of the browser-based default variables.

So, short version: is there a reliable browser/client for cross site scripting that isn't primarily a hacker app? Or can I just turn off same-domain policy in Firefox?

A: 

Use GreaseMonkey with GM_xmlhttpRequest

Matthew Flaschen
This is as good as anything. I wish it was a bit closer to the client, but this works!
Anthony
A: 

Did you look into HTTP Access Control

bwawok
That requires server support.
Matthew Flaschen