Is there a way to disable the same origin policy on the Mozilla Firefox browser by toggling a flag in the browser?
This is strictly for development, for not production use.
Please note:
A similar question asked 3+ years ago yielded an accepted answer that recommends users to install a plugin. I consider this less secure and more cumbersome than toggling a flag (e.g. in the about:config, or passing a parameter when starting the browser like in Chrome).
After having tried to find a Firefox setting for various hours, and after having opened a bounty, I think the right answer to this question is:
At the moment of writing (March 2018), it is not possible to disable the same policy origin in Firefox by simply setting a flag.
I would personally recommend people to use Chrome instead for this kind of work, because disabling this setting is very easy, quick and doesn't involve installing third-party software.
There is a boolean in Mozilla Firefox that should allow toggling of the same origin policy called security.fileuri.strict_origin_policy.
Go to about:config in your browser and accept the risk:
Then search for security.fileuri.strict_origin_policy and double click it to toggle it to false like so:
I have not tested this but in my experience, this is the flag controlling the same origin policy.
Rather than directly answer your question, this alternative might be viable if you also have ownership of the server
Get your server to add the following response header. (+ Apply a DevOps process or piece of code to ensure only apply this code during development)
Access-Control-Allow-Origin
.. With the value of your origin domain, e.g.
http://example.com or alternatively * for all domains.
So I wasn't able to do this using Firefox. I was able to do this inside of chrome using the following. My purpose was for testing endpoint access to a server without CORS being setup.
google-chrome disable-web-security -allow-file-access-from-files — allow-file-access
Your google chrome executable can vary to whatever you have linked it to.
Source: https://medium.com/#siddhartha.ng/disable-cross-origin-on-chrome-for-localhost-c644b131db19
Related
Is it possible to cache specific resources while developing with disable cache option turned on in Chrome Dev Tools?
One might want to cache https://fonts.googleapis.com/css while testing local projects with caching disabled, for example.
You can't using DevTools. The disable cache disables the entire cache possible.
You may star a recent feature request in the Chromium issue tracker asking for just this feature. Please remember that +1, me too, and any other un-constructive comments are not needed. Simply login and click the star beside the issue number in the left sidebar. That will let the developers know others want this functionality as well.
This question already has answers here:
Disable developer mode extensions pop up in Chrome
(20 answers)
Closed 4 years ago.
Recently Google added this annoying pop up to the dev channel.
Someone answered here (Disable developer mode extensions pop up in Chrome) to edit the chrome.dll to get rid of the pop up.
However, the method described there does not seem to work anymore.
Additionally, it would be nice to have a batch script that patches chrome.dll should Google push a new update.
EDIT: Open to new hacks, since wOxxOm stopped maintaining his useful script (the manual method seems to be outdated as well)
I am adding here the official ways to solve this issue and I know they are not optimal, but it makes sense that these solutions are present here.
The first solution and the most complicated one is to create a Google Store Account and go through all the steps to activate it, with it you can upload your extension package and keep it Private, so you can share the link to this package to who will need to install it, this way that message will never show since the extension has been approved by Google team and it's secure.
The second option is to download the Chrome Dev Browser, linked Here, it wont show on the screen that you are downloading the Dev Channel, you have to trust it is happening. This version of the browser works side by side with the official version so you don't have to uninstall or anything, and all settings are separated so it's really like a different browser.
I am using version 64 of it and it solved my problem with the extension.
If you can't use dev/canary builds the easiest way to remove the pop-up is to package your extension and then use group policies to whitelist it, as outlined here: https://stackoverflow.com/a/38011386/991321
Fiddler lets me intercept http requests and respond with files from from my local machine. I am looking for a tool that does exactly that, on mac.
I tested charles but its "rewrite tool" does not allow that. I tried also httpscoop which allows only looking at requests, and wireshark where I could not even find the gui (probably due to my noobness on mac)
As far as I understand it, Charles' Map feature offers what you're looking for.
If you have a Windows PC or VM on your Mac, you can use Fiddler to capture the Mac's traffic. Also worth noting is that I'm at Telerik now and one of our goals is to support more platforms with Fiddler. An alpha version of Fiddler for the Mono framework is now available.
you can try a free chrome extension: Trumpet
Features:
Wildcard pattern
RegEx pattern
Category
File drag
Try Tamper, it's based on mitmproxy and it allows you to see all requests made by the current tab, modify them and serve the modified version next time you refresh.
Is it possible to prevent certain Keypresses (as mentioned int he title) from reaching the browser? Basically I want to strip down user's ability to close a browser window. Is it possible through NPAPI plugin, particularly in google-chrome web browser. The plugin will be developed using firebreath.
If your actual question is if the browsers give plugins a way to do this, the answer is absolutely not.
That said, there may be system APIs that you can use to do that, but you'd definitely be more likely to get help if you ask a question about how to do that using system APIs. The challenge will be finding a way to only do it when you're in the browser or on a specific tab, etc; there is no way through the browser to do this. If there is a way it'll be hackish and involve system calls, not plugin calls.
Also remember that plugins don't automatically instantiate; it would only work on a page with your object tag. http://npapi.com/extensions for more info
I remember a plugin that could detect which OS and what programming language was used on the server side. I don't know anymore what the name was. It could be Firebug or something like that, but I can't find the function.
Firebug makes it easy to look at the headers send by the Server. But be aware, that server could fake or hide this parts of header, so it does not work always.
This is a Browser Plugin called wappalyzer http://www.wappalyzer.com. if you are using firefox plugins site just search for wappalyzer.