Firefox setting to enable cross domain Ajax request

Question

I need to temporally allow cross domain XMLHttpRequest. Changing firefox security setting seems to be the way to go. But I\'ve tried with this and this but they did

Answer 1

For modern browsers, you may try the following approach:

https://developer.mozilla.org/en/HTTP_access_control

In short, you need to add the following into the SERVER response header (the following allows access from foo.example):

Access-Control-Allow-Origin: http://foo.example
Access-Control-Allow-Methods: POST, GET, OPTIONS
Access-Control-Allow-Headers: X-PINGOTHER
Access-Control-Max-Age: 1728000

Note that the X-PINGOTHER is the custom header that is inserted by JavaScript, and should differ from site to site.

If you want any site access your server in Ajax, use * instead.

---

Edit:

When I first answered the question by 2009, I actually hit the same problem, and I worked around it using the server side config.

There was no plugin on FF or Chrome by then.

However, now we do have alternatives using the browser side plugin, please check the answer of tsds

Answer 2

Here is the thing, there is no way to "temporarily" disable cross-domain XMLHttpRequest, if you can disable it temporarily then it can be disabled permanently. This is a rather common problem in the modern-day of AJAX programming and is most often solved using the technique known as cross-domain scripting.

The idea here being is that if you call out to a cross-domain script it returns JavaScript (JSON) results that are then passed on to a function on your end.

Here is some sample code to illustrate how it may look from a JavaScript code perspective:

  function request_some_data() {
    var s = "http://my.document.url.com/my_data?p1=v1&p2=v2&callback=myfunc";

      try {
        try{
          document.write("<scr"+"ipt type='text/javascript' src='"+s+"'></scr"+"ipt>");
        } 
        catch(e){
          var x = document.createElement("script");
          x.src = s;
          document.getElementsByTagName("head")[0].appendChild(x);
        }
      }
      catch (e) {
        alert(e.message);
      }
   }

You will then define a function in your code that receives the data and in the server you "handle" the callback case, here is the client-side JavaScript:

function myfunc(data) {
  alert(data);
}

And on the server side, here i'm giving a PHP example but this can be done just as easily in Java or what-ever your server-side technology is:

<?php
   if($_GET["callback"]) {
     print($_GET["callback"] . "(");
   }
   /* place your JSON object code/logic here */
   if($_GET["callback"]) {
     print(");");
   }
 ?>

Note that what you are generating on the server side winds up being some JavaScript that gets executed on the client side.

Answer 3

Manually editing firefox's settings is the way to go, but it's inconvenient when you need to do it often.

Instead, you can install an add-on that will do it for you in one click.

I use CORS everywhere, which works great for me.

Here is a link to the installer

Answer 4

If you just don't want to waste your time on cross-domain issues during development and testing of your app you can use addon Force CORS for FF.

UPDATE: It seems that this addon no longer exists. But there is another option - this Chrome extension

Answer 5

I'm facing this from file://. I'd like to send queries to two servers from a local HTML file (a testbed).

This particular case should not be any safety concern, but only Safari allows this.

Here is the best discussion I've found of the issue.