I need a way to request any site using Ajax. I mean ANY site, I don't want to have to use the workarounds that firefox offers that only apply to someone who's making page requests from the same domain. Is there ANY way to let this happen? I want this to occur as a local file.
Downgrade your Firefox to under version 3
Try http://dirolf.com/2007/06/enabling-cross-domain-ajax-in-firefox.html
Firefox 3 note
Versions of Firefox prior to Firefox 3 allowed you to set the preference capability.policy..XMLHttpRequest.open to allAccess to give specific sites cross-site access. This is no longer supported.
BTW, you can also save your web application(.html) as .hta, HTA application is allow cross site scripting.
Related
I've been curious to try switching to Firefox Quantum from Chrome, but for web development have hit a major obstacle that I have not been able to easily resolve –– it's caching my localhost files so when I attempt to load various ember applications at localhost:4200 I end up viewing a cached application different than the one that is currently running.
Is there a way to disable caching for localhost in Firefox? And/or how to developers normally work with Firefox in this regard?
And/or how to developers normally work with Firefox in this regard?
I tend to use CTRL + F5 to do hard reload (ignores cache). Pretty standard for all browsers.
Since there is no native way to configure for individual domains, you could write a Browser Extension that can intercept responses via the webRequest API (see for example onHeadersReceived) by overriding cache headers for a selected domain (you may even be able to find one already in existence).
Or simply configure settings in developer tools to ignore cache when toolbox is open:
There is also the Forget Button that can be dragged into the toolbar from customize.
Set the HTTP Cache-Control response header to max-age=0 in your application.
We have a HTTPS website and I need to display a HTTP website (any external website) into my page. The website used iframe for displaying it. We realised that it doesn't work in mozilla firefox. We are getting a "mixed content" error. I am searching for an alternative to iframe now. I understand that it makes no sense to bypass the security warning. We also do not want to change any browser settings as it is possible that all the users may not have permissions to change browser settings. Using tags like <embed> or redirecting in <div> tag also gives the same problem.
Is there any way to do this in C# code and not using HTML and scripting.
Response.redirect() does not work in our application. I do not have a problem if the page is redirected but I prefer a dialog/popup window for the external website to display.
This is simply a security consideration. Your HTTPS site is not truly safe when using mixed content.
Use HTTPS for your external site, period.
As Mozilla suggests:
The best strategy to avoid mixed content blocking is to serve all the content as HTTPS instead of HTTP.
I ´m trying with Ad Block Plus, Ghostery, Disconect and Self-Destruct Cookies in Firefox.
Can you recommend some tips to stop the tracking?
The "Do Not Track" feature in Firefox is useful for telling sites that you do not want to be tracked. A detailed guide on enabling this feature is available on Firefox's support page : http://mzl.la/WL6fUP .
Besides, if you want an extra level of security, I would suggest you to use the "NoScript" browser extension(https://addons.mozilla.org/en-US/firefox/addon/noscript/). NoScript blocks JavaScript and other executable content on website thus effectively protecting you from tracking codes on websites.
And if you want real privacy use a proxy or VPN. Another good idea is to use the tor browser ( torproject.org/projects/torbrowser.html.en).
I am running a site. Some of its pages are not working in Firefox, but work perfect in Chrome. In Firefox it shows me a gray shield next to the URL and when I click on that shield and manually click on disable protection on this page then my page works fine. So now the problem is that there are many users on my site, and some of them don't know how to do it so I want to handle it on my site so its users don't need to do that.
How can I do it? I Googled and found a setting of Firefox in about:config named security.mixed_content.block_active_content. If we set it to false then it works. So is there a way to do it programmatically or other way so that users just view that page without seeing that shield?
As I understand it, content that is blocked by default by Firefox now is http content that is accessed from an https page. Common types of content that fall foul of this are external stylesheets and images.
As far as I am aware the way to prevent the problem on your site is to make sure that if a page is served by https, any and all other files that it references are also served by https.
Hi Friends,
The reason you see this error in Mozilla Firefox is because your
website is a Mixed Box that is, your website has many internal links
which are not SSL protected.
In order to avoid this error from showing up in Mozilla Firefox you
will have to make sure all the internal links on your website are SSL
protected.
So, Use https:// in your page not http://
I hope I was clear enough in answering your query.
firefox has blocked content that isn't secure means there are some contents on your website are not secure.
I had same issue as my fonts were downloading with http://google.apis.something instead of https
Then I change to //google.apis.something and problem get solved.
To know what is not secure in you website use this link
I am working on a Firefox extension that will involve ajax calls to domains that would normally fail due to the same-origin policy set by Firefox (and most modern browsers).
I was wondering if there is a way to either turn off the same-origin restriction (in about:config, perhaps) or if there was a standard lite-browser that developers turn to for this.
I really would like to avoid using any blackhat tools, if possible. Not because I'm against them, I just don't want to add another learning curve to the process.
I can use curl in PHP to confirm that the requests work, but I want to get started on writing the js that the addon will actually use, so I need a client that will execute js.
I also tried spidermonkey, but since I'm doing the ajax with jquery, it threw a fit at all of the browser-based default variables.
So, short version: is there a reliable browser/client for cross site scripting that isn't primarily a hacker app? Or can I just turn off same-domain policy in Firefox?
Use GreaseMonkey with GM_xmlhttpRequest
Did you look into HTTP Access Control