11

I need to make a cross domain request from a script that runs in Firefox (it's just for development purposes).

Can this be achieved? Maybe by modifying the about:config keys?

Thanks!

Pablo Fernandez

6 Answers

3

There is a great post by James Padolsey on how to do cross domain requests using jQuery, but the post also has very good resources. There needs to be some tweaking done on the other server to allow cross domain calls using crossdomain.xml.

Teja Kantamneni
2

Opera 10.5 allows for "Allow Cross Domain Access".

Stefan Kendall
2

A little late, but thought I'd post the info here anyway;

I didn't fully read the links in everyone's answers, but I had a quick look and I didn't see that anyone mentioned using the PrivilegeManager - Bypassing Security Restrictions and Signing Code. Using this you can have your Firefox JavaScript app invoke a request for extended security privileges in the browser, including cross domain XHR.

Dean Burge
1

The Same Origin Policy applies to all browsers. Using JavaScript you can send GET and POST requests, but you will not be able to read the response like you can with XHR. XHRs can only be done against the domain the script is executing from. This is an important rule as it prevents widespread Cross Site Request Forgery (CSRF) vulnerabilities.

You can use Flash with a crossdomain.xml file and I think this is the most robust solution because it will do exactly what you need and have the best browser compatibility.

EDIT: If you want specifically JavaScript running on Firefox to bypass the Same Origin Policy then you can build a custom add-on. Or perhaps the Cross Domain add-on will do what you need.

rook
  • I do not need browser compatibility. That's why I specified that I need this on FF only. Thanks anyway – Pablo Fernandez Mar 09 '10 at 17:49
  • Anyone know what happened to the "Cross Domain add-on" that Rook referenced? The link appears dead but I am desperately searching for an add-on for Firefox that allows cross domain requests to be sent for development purposes (dojo mobile) – Benjamin Chodroff Nov 28 '11 at 05:16
  • @Benjamin Chodroff dude, no one should write an addon that any developer can use to send cross domain requests. That would be a massive vuln. I'm saying, an option is to write your own and then ask the user to install it. Which is still problematic from a security perspective, but if the user agrees then I guess it's OK. – rook Nov 28 '11 at 16:20
  • 1
    @Rook - There is one very specific use case that is being overlooked: mobile development (using HTML/JS). Deploy your HTML/JS *locally* to the iPhone/Android and run it via file:/// and this is NOT a security problem to do cross domain. This is why I need a plugin for firefox to ignore cross domain security problems because I'm loading the files locally via file:/// so I can test the mobile application out on my regular desktop (and have tools like Firebug to help debug!) – Benjamin Chodroff Dec 02 '11 at 17:05
  • I think that add-on is as useful as any other add-on. Who would install that add-on if he really didn't want to do this. – andho Jan 02 '13 at 08:49
1

cross-site xmlhttprequest with CORS

epascarello
  • That is very cool! It is still a little restrictive since it doesn't support all Firefox versions and requires sites to be compliant with this policy. Awesome info :) – Fabiano Soriani Mar 09 '10 at 20:09
0

As mentioned by 'The Rook', you can use Flash to do cross-domain requests provided that the server you're talking to serves an XML policy file granting your server access. If you control both servers that should be easy enough to accomplish.

If you don't want to write any Flash code yourself or if you want to be able to do cross-domain over SSL/TLS, check out the open source Forge project:

http://github.com/digitalbazaar/forge/blob/master/README

dlongley
  • As long as you control the server, you might as well just use CORS. – Antimony Aug 16 '13 at 04:24
  • That's definitely true today (2013). Although, there may still be use cases where you want/need more control over the TLS stack so the above advice may still apply. – dlongley Aug 16 '13 at 17:54
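
The CORS route suggested in the answers and comments above, as an added example that is not code from any poster: a Node.js handler for a development API that echoes only allowlisted origins and answers preflight requests. The origins, header lists and function names are assumptions made up for illustration.

```javascript
// Added example: allowlist-based CORS for a development API (not from the thread).
// Origins are constructed sample values. Pages opened from file:// send
// "Origin: null"; it is deliberately left off the list, so serve the page
// under test from a local web server instead.
const ALLOWED_ORIGINS = new Set(['http://localhost:8000', 'http://dev.example.test']);
const ALLOWED_METHODS = ['GET', 'POST', 'OPTIONS'];
const ALLOWED_HEADERS = ['content-type', 'x-requested-with'];

// Decide which CORS response headers to send. reqHeaders uses lowercase
// names, as Node's http module provides them.
function corsDecision(method, reqHeaders) {
  const origin = reqHeaders['origin'];
  const headers = { 'Vary': 'Origin' }; // caches must key on the Origin header
  // No Origin header: same-origin or non-browser request, nothing to add.
  if (!origin) return { allowed: true, preflight: false, headers };
  // Unknown origin: no Access-Control-* headers, so the browser blocks the read.
  if (!ALLOWED_ORIGINS.has(origin)) return { allowed: false, preflight: false, headers };
  headers['Access-Control-Allow-Origin'] = origin; // exact origin, never "*"
  const isPreflight = method === 'OPTIONS' && 'access-control-request-method' in reqHeaders;
  if (!isPreflight) return { allowed: true, preflight: false, headers };
  const wantMethod = reqHeaders['access-control-request-method'];
  const wantHeaders = (reqHeaders['access-control-request-headers'] || '')
    .split(',').map(h => h.trim().toLowerCase()).filter(Boolean);
  const ok = ALLOWED_METHODS.includes(wantMethod) &&
    wantHeaders.every(h => ALLOWED_HEADERS.includes(h));
  if (ok) {
    headers['Access-Control-Allow-Methods'] = ALLOWED_METHODS.join(', ');
    headers['Access-Control-Allow-Headers'] = ALLOWED_HEADERS.join(', ');
    headers['Access-Control-Max-Age'] = '600';
  } else {
    delete headers['Access-Control-Allow-Origin']; // refuse the preflight
  }
  return { allowed: ok, preflight: true, headers };
}

// Node http handler: require('http').createServer(handle).listen(8080)
function handle(req, res) {
  const d = corsDecision(req.method, req.headers);
  for (const [k, v] of Object.entries(d.headers)) res.setHeader(k, v);
  if (d.preflight) { res.statusCode = d.allowed ? 204 : 403; return res.end(); }
  res.setHeader('Content-Type', 'application/json');
  res.end(JSON.stringify({ ok: true }));
}
```

With this in front of the API, the script under test needs no browser-side change: Firefox reads the response only when the page's origin is on the list.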