jo5ef / force-cors Goto Github PK

FirefoxDeveloperEdition is blocking the installation, even after I added the site to the allowed sites exception list. This is probably a sign of things to come for mainline FX, I would strongly encourage you to get those fixes made and resubmit ASAP.

Thanks!

Just like AdBlock, it would be good to be able to force cors just on some website.

It's not an issue but a tip...

I tried to access to a resource using this addon. It worked for different websites, but not for the only one I wanted to get. Actually it's because I needed to use the credentials option. But then it didn't work again as Firefox returned "cross domain not allowed".

Finally I've changed the forcecors.headers value in about:config to:
Access-Control-Allow-Methods *|Access-Control-Allow-Credentials true|Access-Control-Allow-Origin http://intranet.mydomain.com
Note: I've had to specify my Allow-Origin domain to make it work and also to add the Allow-Credentials to true

And the jQuery Ajax request looks like that:

$.ajax({
  method: 'GET',
  url: 'https://myothersite.mydomain.com/mypage.aspx',
  xhrFields: {
    withCredentials: true
  }
}).done(function(data) {
  console.log(data)
})

This is obviously a great plugin for any JavaScript developer but as mentioned in the warning it disable cross-domain completely. One way that would make developers more confident and help reduce the risks would be to only apply such headers on requests matching a pattern in a list of URL. This would allow a developer to add the URL patterns used for development purpose.

I might be able to help on this if this is something you think is a good idea.

Cors icon is at the bottom/right of the browser window and is enabled - but cross domain ajax calls don't work.

Is it possible to port it to Firefox Mobile for Android ?

Hello,

I noticed that I could not see the ForceCORS headers on responses for AJAX requests (checked this from Webdeveloper Console).

Just want to confirm that it is expected behaviour.

Thanks

Hi! I've used this plugin over long time, until an update of Firefox recently (29.0.0/1).

Firebug now complains (Even if CORS is turned on):

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at {http://path.to/my.json}. This can be fixed by moving the resource to the same domain or enabling CORS.

As of this change in FFNightly, the Force-CORS button is not visible.

https://bugzilla.mozilla.org/show_bug.cgi?id=749804

Here is a discussion of affected people.

http://support.mozilla.org/en-US/questions/978015

Can you write a quick fix?