"In Firefox, the preference that disables CORS is content. cors. disable. Setting this to true disables CORS, so whenever that's the case, CORS requests will always fail with this error." developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/…
From this answer I've known a CORS Everywhere Firefox extension and it works for me. It creates MITM proxy intercepting headers to disable CORS. You can find the extension at addons.mozilla.org or here.
Changing Origin Occasionally, the same origin policy may block requests between subdomains on the same domain. The easiest way to solve this problem is to set document. domain from within JavaScript.
To modify how these headers are altered, use the right-click context menu items. You can customize what method are allowed. The default option is to allow 'GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH' methods. You can also ask the extension not to overwrite these headers when the server already fills them.
There's a Firefox extension that adds the CORS headers to any HTTP response working on the latest Firefox (build 36.0.1) released March 5, 2015. I tested it and it's working on both Windows 7 and Mavericks. I'll guide you throught the steps to get it working.
1) Getting the extension
You can either download the xpi from here (author builds) or from here (mirror, may not be updated).
Or download the files from GitHub. Now it's also on Firefox Marketplace: Download here. In this case, the addon is installed after you click install and you can skip to step 4.
If you downloaded the xpi you can jump to step 3. If you downloaded the zip from GitHub, go to step 2.
2) Building the xpi
You need to extract the zip, get inside the "cors-everywhere-firefox-addon-master" folder, select all the items and zip them. Then, rename the created zip as *.xpi
Note: If you are using the OS X gui, it may create some hidden files, so you 'd be better using the command line.
3) Installing the xpi
You can just drag and drop the xpi to firefox, or go to: "about:addons", click on the cog on the top right corner and select "install add on from file", then select you .xpi file. Now, restart firefox.
4) Getting it to work
Now, the extension won't be working by default. You need to drag the extension icon to the extension bar, but don't worry. There are pictures!
5) Testing if it's working
jQuery
$.get( "http://example.com/", function( data ) {
console.log (data);
});
JavaScript
xmlhttp=new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4) {
console.log(xmlhttp.responseText);
}
}
xmlhttp.open("GET","http://example.com/");
xmlhttp.send();
6) Final considerations
Note that https to http is not allowed.
There may be a way around it, but it's behind the scope of the question.
about:config -> security.fileuri.strict_origin_policy -> false
I realized my older answer is downvoted because I didn't specify how to disable FF's same origin policy specifically. Here I will give a more detailed answer:
Warning: This requires a re-compilation of FF, and the newly compiled version of Firefox will not be able to enable SOP again.
Check out Mozilla's Firefox's source code, find nsScriptSecurityManager.cpp in the src directory. I will use the one listed here as example: http://mxr.mozilla.org/aviarybranch/source/caps/src/nsScriptSecurityManager.cpp
Go to the function implementation nsScriptSecurityManager::CheckSameOriginURI, which is line 568 as of date 03/02/2016.
Make that function always return NS_OK.
This will disable SOP for good.
The browser addon answer by @Giacomo should be useful for most people and I have accepted that answer, however, for my personal research needs (TL;won't explain here) it is not enough and I figure other researchers may need to do what I did here to fully kill SOP.
I wrote an add-on to overcome this issue in Firefox (Chrome, Opera version will have soon). It works with the latest Firefox version, with beautiful UI and support JS regex: https://addons.mozilla.org/en-US/firefox/addon/cross-domain-cors
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With