问题
Can somebody please tell me how I allow CORS on firefox? I easily managed it on Chrome and IE, but I am totally failing at it with Firefox. I edited the following about:config entry
security.fileuri.strict_origin_policy = false
This attempt has been posted several times here and is told on other sites too, but it has no effect. I read the Mozilla guide to Same-origin-policies:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS
but it just explains CORS and the related topics. A workaround to enable it on FF is not listed.
I would really appreciate a definitive solution.
ps: FORCECORS does not work either somehow...
回答1:
Do nothing to the browser. CORS is supported by default on all modern browsers (and since Firefox 3.5).
The server being accessed by JavaScript has to give the site hosting the HTML document in which the JS is running permission via CORS HTTP response headers.
security.fileuri.strict_origin_policy is used to give JS in local HTML documents access to your entire hard disk. Don't set it to false as it makes you vulnerable to attacks from downloaded HTML documents (including email attachments).
回答2:
It's only possible when the server sends this header: Access-Control-Allow-Origin: *
If this is your code then you can setup it like this (PHP):
header('Access-Control-Allow-Origin: *');
回答3:
I was stucked with this problem for a long time (CORS does not work in FF, but works in Chrome and others). No advice could help. Finally, i found that my local dev subdomain (like sub.example.dev) was not explicitly mentioned in /etc/hosts, thus FF just is not able to find it and shows confusing error message 'Aborted...' in dev tools panel.
Putting the exact subdomain into my local /etc/hosts fixed the problem. /etc/hosts is just a plain-text file in unix systems, so you can open it under the root user and put your subdomain in front of '127.0.0.1' ip address.
回答4:
This Firefox add-on may work for you:
https://addons.mozilla.org/en-US/firefox/addon/cors-everywhere/
It can toggle CORS on and off for development purposes.
回答5:
Just to remember 2 simple steps:
about:config
security.fileuri.strict_origin_policy → false
Works on both DTP & Android, but sometimes returns to true.
回答6:
Very often you have no option to setup the sending server so what I did I changed the XMLHttpRequest.open call in my javascript to a local get-file.php file where I have the following code in it:
<?php
$file = file($_GET['url']);
echo implode('', $file);
?>javascript is doing this:
var xhttp = new XMLHttpRequest();
xhttp.onreadystatechange = function() {
if (this.readyState == 4 && this.status == 200) {
// File content is now in the this.responseText
}
};
xhttp.open("GET", "get-file.php?url=http://site/file", true);
xhttp.send();In my case this solved the restriction/situation just perfectly. No need to hack Firefox or servers. Just load your javascript/html file with that small php file into the server and you're done.
回答7:
just type in your browser CORS add in firefox Then download this and install on browser finally you found top right side one Core spell to toggle that green for enable and red for not enable
来源:https://stackoverflow.com/questions/25504851/how-to-enable-cors-on-firefox