Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Firefox: Disable XSS protection for a specific (locally stored!) HTML file ?
690 views
Skip to first unread message
R.Wieser
Apr 2, 2017, 4:00:52 AM4/2/17
to
Hello All,
Using FireFox, is there a way to allow a specific, locally stored
HTML-with-scripting file to access whatever websites it wants ?
Currently any attempt from the locally-stored and started by double-clicking
the file itself (displayed as a "file: ///...." in the browsers address bar)
to use an XMLHttpRequest to retrieve data from a(nother) website is
disallowed due to XSS protection -- which I normally consider to be a good
thing. Just not in this particular case. :-)
By the way: I don't really want to remove the protection for *all*
locally-stored HTML pages, as that could (and probably would) cause troubles
with *saved* webpages (as opposed to pages I've created myself).
Regards,
Rudy Wieser
Using FireFox, is there a way to allow a specific, locally stored
HTML-with-scripting file to access whatever websites it wants ?
Currently any attempt from the locally-stored and started by double-clicking
the file itself (displayed as a "file: ///...." in the browsers address bar)
to use an XMLHttpRequest to retrieve data from a(nother) website is
disallowed due to XSS protection -- which I normally consider to be a good
thing. Just not in this particular case. :-)
By the way: I don't really want to remove the protection for *all*
locally-stored HTML pages, as that could (and probably would) cause troubles
with *saved* webpages (as opposed to pages I've created myself).
Regards,
Rudy Wieser
VanguardLH
Apr 2, 2017, 5:53:57 AM4/2/17
to
It's either all on or all off. No per-site setting. Rather than toggle
a global setting, looks like you can modify your Javascript along with
headers to allow cross-domain access as long as the script is still
on-domain.
https://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
https://www.html5rocks.com/en/tutorials/cors/
The Firefox newsgroup is over at ---.
.-----------------------------------'
'---> mozilla.support.firefox
However, coding HTML web pages to do Javascripting across domains for
requests is something better suited to a newsgroup that discusses web
programming. The Firefox newsgroup is for support of users, not
programmers.
R.Wieser
Apr 2, 2017, 7:21:04 AM4/2/17
to
Vanguard,
> It's either all on or all off. No per-site setting.
Yeah, I already found some links about that (which I duly skipped), which
was why I was so specific about that per-file enabeling.
As for CORS ? That seems to need the cooperation of the server, which I
have no control over. In other words: not a preferred solution.
> The Firefox newsgroup is over at ---.
Now you mention it ...
I'm already trying to figure out where to post low-level programming stuff
(SSL3 NSS3 DLL related, specifically how to verify a returned SSL
certificate), but have not found an apropriate group for that.
Thanks,
Regards,
Rudy Wieser
-- Origional message:
VanguardLH <V...@nguard.LH> schreef in berichtnieuws
ekc01g...@mid.individual.net...
> It's either all on or all off. No per-site setting.
was why I was so specific about that per-file enabeling.
As for CORS ? That seems to need the cooperation of the server, which I
have no control over. In other words: not a preferred solution.
> The Firefox newsgroup is over at ---.
I'm already trying to figure out where to post low-level programming stuff
(SSL3 NSS3 DLL related, specifically how to verify a returned SSL
certificate), but have not found an apropriate group for that.
Thanks,
Regards,
Rudy Wieser
-- Origional message:
VanguardLH <V...@nguard.LH> schreef in berichtnieuws
ekc01g...@mid.individual.net...
0 new messages