Firefox addons allow you to do cross-domain munication.
Is there any way to expose this function so I can initiate cross-domain ajax from any page (given I have installed this addon)?
Edit: I know what is CORS, and CORS only make sense when you have control the server, but I don't. The point here is I control the browser, I bear the risk so I am asking if anyway to export the cross-domain function from addon stage to the userland.
Firefox addons allow you to do cross-domain munication.
Is there any way to expose this function so I can initiate cross-domain ajax from any page (given I have installed this addon)?
Edit: I know what is CORS, and CORS only make sense when you have control the server, but I don't. The point here is I control the browser, I bear the risk so I am asking if anyway to export the cross-domain function from addon stage to the userland.
Share Improve this question edited Jun 24, 2012 at 11:10 Howard asked Jun 23, 2012 at 7:58 HowardHoward 19.8k36 gold badges115 silver badges187 bronze badges 3- You should rather look at CORS (see bart's answer) - allowing any web page to do cross-origin requests without any checks whatsoever would be a huge security hole. – Wladimir Palant Commented Jun 23, 2012 at 9:11
- CORS only make sense when you have control the server, but I don't. The point here is I control the browser, I bear the risk so I am asking if anyway to export the cross-domain function from addon platform to the userland. – Howard Commented Jun 24, 2012 at 11:09
- Do you mean like how greasemonkey does it? – Yansky Commented Jul 3, 2012 at 4:53
5 Answers
Reset to default 5 +150As you have said, the same origin policy only serves to protect the client (yourself), usually from XSS attacks.
I'm not sure what you're trying to achieve with the addon, but you can certainly try doing the following on your own machine. By changing the settings on firefox, you can ignore the same origin policy.
If you're trying to develop a plugin that allows cross domain access (and thus potentially open up vulnerabilities in your client-base), you may need to employ some unorthodox tricks. I can think of a couple ways, but like CORS, you will need access to SOME server at least. You can essentially create a proxy that fetches the resources on your server instead. Ie, the users of your plugin hits http://yourwebsite./?url=http://someotherwebsite./resource.
I can think of no way to do a client-side only solution.
Cross domain munication aka CORS (Cross Origin Resource Share) is only possible if the server allows it, and the browser supports it.
Easy reading in this Wikipedia article
Heavy reading in this W3C document which is still a working draft.
I have used CORS now for a year in the C# Webserver. I noticed whenever I do not add the CORS headers on the server side, I run into the same origin policy. Even when requesting to the same IP address but a different port.
If the server does not support CORS, you may find your cross domain requests to fail
EDIT:
I recently learned that the same domain policy can be worked around using Yahoo! Query Language (YQL). See the link for more information.
See this SO item for an example Cross Domain Post method ajax call using jquery with xml response
You might be able to make use of this gem: https://github./progrium/localtunnel
Userscripts have cross-domain XMLHttpRequest, and they will even run on all browsers.
Do you have access to the other server?? JSONP it's generally a good idea if you have access.
http://en.wikipedia/wiki/JSONP