Join 3,439 readers in helping fund MetaFilter (Hide)


override XHR policy
October 22, 2010 9:21 AM   Subscribe

override XMLHttpRequest security policy in firefox?

im working on a page locally which requests data (via ajax) from a remote server. dummy data wont work - this page needs to grab the data off the server.

when it goes live, this file and the data will be on the same domain so the origin policy wont be an issue. however, while im developing, its becoming quite a nuisance.

is there some preference in about:config that would let me turn it off for a moment?

(after googling, i found security.fileuri.strict_origin_policy, but that only seems to allow local files to see other local files)
posted by nihlton to Technology (8 answers total) 1 user marked this as a favorite
 
I don't know of a way to override this in Firefox itself. If you have Apache, though, it's really easy to set up a reverse proxy with mod_proxy to access the remote content through a localhost URL:

ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar

posted by enn at 9:28 AM on October 22, 2010


Here's a good overview of XHR security policies and the standards that exist for negotiating them between client and server. Summarized version: There are a couple of headers that you can set on the server side that will tell Firefox to relax a little bit and just get the information. If you don't have access to the remote server, then your best bet is as enn mentions above---set up a local apache installation that proxies requests to the remote server.
posted by aparrish at 9:50 AM on October 22, 2010


Do your AJAX request to a local php file that gets the data from the remote server via cURL.
posted by rachelpapers at 11:49 AM on October 22, 2010


the idea is to have the URLs remain constant between development and deployment.

so developing against a proxy, then pushing out is not ideal.
posted by nihlton at 11:59 AM on October 22, 2010


The URL can remain the same.

this file and the data will be on the same domain so the origin policy wont be an issue

In other words, if you use a relative URL, it should be the same. Right?
posted by mikeh at 2:15 PM on October 22, 2010


i think im going to have to monkey with the response headers so firefox will pipe down. :(
posted by nihlton at 2:26 PM on October 22, 2010


Check out an app called Charles. It is a debugging proxy. Among many other things, you could use it to map local files to a domain name or map one domain name to another. I use it every day to do exactly what you are describing.
posted by jm4 at 6:33 PM on October 22, 2010


> dummy data wont work - this page needs to grab the data off the server.

How recent does it really need to be? Can't you get a cron job to copy whatever it is to the local domain so that it's never more than five minutes old?
posted by AmbroseChapel at 10:29 PM on October 22, 2010


« Older I need help with deciding what...   |  My High School student needs t... Newer »
This thread is closed to new comments.