Ce site disposera de fonctionnalités limitées pendant que nous effectuons des opérations de maintenance en vue de vous proposer un meilleur service. Si un article ne règle pas votre problème et que vous souhaitez poser une question, notre communauté d’assistance est prête à vous répondre via @FirefoxSupport sur Twitter, et /r/firefox sur Reddit.

Rechercher dans l’assistance

Évitez les escroqueries à l’assistance. Nous ne vous demanderons jamais d’appeler ou d’envoyer un SMS à un numéro de téléphone ou de partager des informations personnelles. Veuillez signaler toute activité suspecte en utilisant l’option « Signaler un abus ».

En savoir plus

How to enable cross-domain AJAX access in Firefox?

more options

I'm working on development of a HTML5 web application that requires accessing resources from other domains through AJAX. On Chrome browser, there is a nice way to disable web security and allow cross-domain access for AJAX. However, when it comes to Firefox, there isn't an answer that I found. I'm sure this questions might have been asked a multiple times in various forums. But, does Firefox provide a way to disable this security feature and enable cross-domain access?

Product information: I'm running the latest Firefox on Windows 7 box.

I'm working on development of a HTML5 web application that requires accessing resources from other domains through AJAX. On Chrome browser, there is a nice way to disable web security and allow cross-domain access for AJAX. However, when it comes to Firefox, there isn't an answer that I found. I'm sure this questions might have been asked a multiple times in various forums. But, does Firefox provide a way to disable this security feature and enable cross-domain access? Product information: I'm running the latest Firefox on Windows 7 box.

Toutes les réponses (3)

more options

The same-origin policy is an important security protection for browser users. It's what prevents third party sites from reading your traffic, vacuuming up your cookies, manipulating an open page from an iframe, and taking action on your behalf by hijacking your session. I assume that when you disable the same-origin policy in Google that you do not visit any sites you and your company do not personally control. More info: Same Origin Policy Part 1: No Peeking - IEInternals - Site Home - MSDN Blogs.

The official solution is to use Cross-Origin Resource Sharing in the app: https://developer.mozilla.org/en-US/d.../Access_control_CORS. If you have difficulty implementing this, you can get some assistance on the mozillaZine Web Development / Standards Evangelism forum.

more options

We know that. I don't want to keep it on, just turn it on while testing locally to a remote API. I don't want to allow localhost on my server!

more options

Hi oscargodson, yes, localhost sounds like a really bad idea. However, you might be able to edit your configuration file to add an "unguessable" server name with the same root as your localhost instance. Just a thought, I've never tried it myself.