override XHR policy
October 22, 2010 9:21 AM Subscribe
override XMLHttpRequest security policy in firefox?
im working on a page locally which requests data (via ajax) from a remote server. dummy data wont work - this page needs to grab the data off the server.
when it goes live, this file and the data will be on the same domain so the origin policy wont be an issue. however, while im developing, its becoming quite a nuisance.
is there some preference in about:config that would let me turn it off for a moment?
(after googling, i found security.fileuri.strict_origin_policy, but that only seems to allow local files to see other local files)
im working on a page locally which requests data (via ajax) from a remote server. dummy data wont work - this page needs to grab the data off the server.
when it goes live, this file and the data will be on the same domain so the origin policy wont be an issue. however, while im developing, its becoming quite a nuisance.
is there some preference in about:config that would let me turn it off for a moment?
(after googling, i found security.fileuri.strict_origin_policy, but that only seems to allow local files to see other local files)
Best answer: Here's a good overview of XHR security policies and the standards that exist for negotiating them between client and server. Summarized version: There are a couple of headers that you can set on the server side that will tell Firefox to relax a little bit and just get the information. If you don't have access to the remote server, then your best bet is as enn mentions above---set up a local apache installation that proxies requests to the remote server.
posted by aparrish at 9:50 AM on October 22, 2010
posted by aparrish at 9:50 AM on October 22, 2010
Do your AJAX request to a local php file that gets the data from the remote server via cURL.
posted by rachelpapers at 11:49 AM on October 22, 2010
posted by rachelpapers at 11:49 AM on October 22, 2010
Response by poster: the idea is to have the URLs remain constant between development and deployment.
so developing against a proxy, then pushing out is not ideal.
posted by nihlton at 11:59 AM on October 22, 2010
so developing against a proxy, then pushing out is not ideal.
posted by nihlton at 11:59 AM on October 22, 2010
The URL can remain the same.
this file and the data will be on the same domain so the origin policy wont be an issue
In other words, if you use a relative URL, it should be the same. Right?
posted by mikeh at 2:15 PM on October 22, 2010
this file and the data will be on the same domain so the origin policy wont be an issue
In other words, if you use a relative URL, it should be the same. Right?
posted by mikeh at 2:15 PM on October 22, 2010
Response by poster: i think im going to have to monkey with the response headers so firefox will pipe down. :(
posted by nihlton at 2:26 PM on October 22, 2010
posted by nihlton at 2:26 PM on October 22, 2010
Check out an app called Charles. It is a debugging proxy. Among many other things, you could use it to map local files to a domain name or map one domain name to another. I use it every day to do exactly what you are describing.
posted by jm4 at 6:33 PM on October 22, 2010
posted by jm4 at 6:33 PM on October 22, 2010
> dummy data wont work - this page needs to grab the data off the server.
How recent does it really need to be? Can't you get a cron job to copy whatever it is to the local domain so that it's never more than five minutes old?
posted by AmbroseChapel at 10:29 PM on October 22, 2010
How recent does it really need to be? Can't you get a cron job to copy whatever it is to the local domain so that it's never more than five minutes old?
posted by AmbroseChapel at 10:29 PM on October 22, 2010
This thread is closed to new comments.
ProxyPass /foo http://foo.example.com/bar
ProxyPassReverse /foo http://foo.example.com/bar
posted by enn at 9:28 AM on October 22, 2010