"In Firefox, the preference that disables CORS is content. cors. disable. Setting this to true disables CORS, so whenever that's the case, CORS requests will always fail with this error." developer.mozilla.org/en-US/docs/Web/HTTP/CORS/Errors/…
In Google Chrome, you can easily disable the same-origin policy of Chrome by running Chrome with the following command: [your-path-to-chrome-installation-dir]\chrome.exe --disable-web-security --user-data-dir . Make sure that all instances of Chrome are closed before you run the command.
CORS or Cross Origin Resource Sharing is blocked in modern browsers by default (in JavaScript APIs). Installing this add-on will allow you to unblock this feature. Please note that, when the add-on is added to your browser, it is in-active by default (toolbar icon is grey C letter).
To modify how these headers are altered, use the right-click context menu items. You can customize what method are allowed. The default option is to allow 'GET', 'PUT', 'POST', 'DELETE', 'HEAD', 'OPTIONS', 'PATCH' methods. You can also ask the extension not to overwrite these headers when the server already fills them.
After having tried to find a Firefox setting for various hours, and after having opened a bounty, I think the right answer to this question is:
At the moment of writing (March 2018), it is not possible to disable the same policy origin in Firefox by simply setting a flag.
I would personally recommend people to use Chrome instead for this kind of work, because disabling this setting is very easy, quick and doesn't involve installing third-party software.
There is a boolean in Mozilla Firefox that should allow toggling of the same origin policy called security.fileuri.strict_origin_policy
.
Go to about:config
in your browser and accept the risk:
Then search for security.fileuri.strict_origin_policy
and double click it to toggle it to false
like so:
I have not tested this but in my experience, this is the flag controlling the same origin policy.
Rather than directly answer your question, this alternative might be viable if you also have ownership of the server
Get your server to add the following response header. (+ Apply a DevOps process or piece of code to ensure only apply this code during development)
Access-Control-Allow-Origin
.. With the value of your origin domain, e.g.
http://example.com
or alternatively *
for all domains.
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With