13

How to disable the web security in Firefox or how to solve CORS issue in Firefox during development?

Things tried but did not work:

  1. The option of filtering in "about:config" and setting the "security.fileuri.strict_origin_policy=false" doesn't work
  2. Tried few add-ons like "CORS-Everywhere" (https://addons.mozilla.org/en-US/firefox/addon/cors-everywhere/). Doesn't work.
halfer
  • 19,824
  • 17
  • 99
  • 186
Easwaramoorthy Kanagaraj
  • 3,925
  • 8
  • 36
  • 62
  • Are you confusing CORS and the Same Origin Policy? CORS is how a server can tell the browser to disable the Same Origin Policy for URLs hosted by that server. – Quentin Dec 30 '16 at 11:35
  • I can suggest you using Opera , you can disable CORS in it much simpler that in Firefox (see https://stackoverflow.com/a/43571952/7662526), and it will not touch your real data if your main browser is Chrome for example (in any case I recommend to disable SOP in separete browser, without real data) – Make Tips Jun 01 '17 at 15:33

1 Answers1

-23

How to disable the web security in firefox

Don't. It gives unrealistic results for testing.

how to solve CORS issue in Firefox during development

Ideally: Create a development environment that is just like the live environment.

The server side code will, at some point, need development work performed on it. Your team will need the ability to create a development server with test data in it for that. Use the same development server for working on the client side code.

That way you can do you development work:

  • without making test calls to the live server (so you never need fake test users doing fake actions on the live server with the risk that test data will escape somewhere end users will see it).
  • without cross origin issues (because your development server for your client side code will be the same as the development server for the URL you are requesting)
  • able to use relative URLs
  • with a browser that acts like the browsers used by end users

As a quick and dirty hack which doesn't have most of the benefits of using a proper test environment: Use a proxy server that maps requests to the same origin as your development environment to the live environment.

I used Charles proxy for that before I moved to having proper development environments.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • @SalilJunior — The first paragraph presents the question in an either/or format. This answers the second of the two options. It does answer the question. – Quentin May 03 '19 at 09:25