How to enable CORS on Firefox?

firefox cors same-origin-policy
Ahab picture Ahab · Aug 26, 2014 · Viewed 109.4k times · Source

Can somebody please tell me how I allow CORS on firefox? I easily managed it on Chrome and IE, but I am totally failing at it with Firefox. I edited the following about:config entry 

security.fileuri.strict_origin_policy = false

This attempt has been posted several times here and is told on other sites too, but it has no effect. I read the Mozilla guide to Same-origin-policies:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS

but it just explains CORS and the related topics. A workaround to enable it on FF is not listed.

I would really appreciate a definitive solution.

ps: FORCECORS does not work either somehow...

Answer

Quentin picture Quentin · Aug 26, 2014

Do nothing to the browser. CORS is supported by default on all modern browsers (and since Firefox 3.5).

The server being accessed by JavaScript has to give the site hosting the HTML document in which the JS is running permission via CORS HTTP response headers.

security.fileuri.strict_origin_policy is used to give JS in local HTML documents access to your entire hard disk. Don't set it to false as it makes you vulnerable to attacks from downloaded HTML documents (including email attachments).

Related questions

Disable Firefox Same Origin Policy without installing a plugin

Is there a way to disable the same origin policy on the Mozilla Firefox browser by toggling a flag in the browser? This is strictly for development, for not production use. Please note: A similar question asked 3+ years ago yielded …

Read More
Firefox 'Cross-Origin Request Blocked' despite headers

I'm trying to make a simple cross-origin request, and Firefox is consistently blocking it with this error: Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at [url]. This can be fixed by moving the resource to …

Read More
Disable cross domain web security in Firefox

In Firefox, how do I do the equivalent of --disable-web-security in Chrome. This has been posted a lot, but never a true answer. Most are links to add-ons (some of which don't work in the latest Firefox or don't work …

Read More