发表新帖
发表新帖

Disable cross domain web security in Firefox

后端 未结
关注
8 586
耶瑟儿~
耶瑟儿~ 2020-11-29 00:24

In Firefox, how do I do the equivalent of --disable-web-security in Chrome. This has been posted a lot, but never a true answer. Most are links to add-ons (some

相关标签:
8条回答
  • 鱼传尺愫
    2020-11-29 00:30

    From this answer I've known a CORS Everywhere Firefox extension and it works for me. It creates MITM proxy intercepting headers to disable CORS. You can find the extension at addons.mozilla.org or here.

    0 讨论(0)
  • 盖世英雄少女心
    2020-11-29 00:30

    I have not been able to find a Firefox option equivalent of --disable-web-security or an addon that does that for me. I really needed it for some testing scenarios where modifying the web server was not possible. What did help was to use Fiddler to auto-modify web responses so that they have the correct headers and CORS is no longer an issue.

    The steps are:

    1. Open fiddler.

    2. If on https go to menu Tools -> Options -> Https and tick the Capture & Decrypt https options

    3. Go to menu Rules -> Customize rules. Modify the OnBeforeResponseFunction so that it looks like the following, then save:

       static function OnBeforeResponse(oSession: Session) {
    //....
    oSession.oResponse.headers.Remove("Access-Control-Allow-Origin");
    oSession.oResponse.headers.Add("Access-Control-Allow-Origin", "*");
    //...
 }

      This will make every web response to have the Access-Control-Allow-Origin: * header.

    4. This still won't work as the OPTIONS preflight will pass through and cause the request to block before our above rule gets the chance to modify the headers. So to fix this, in the fiddler main window, on the right hand side there's an AutoResponder tab. Add a new rule and response: METHOD:OPTIONS https://yoursite.com/ with auto response: *CORSPreflightAllow and tick the boxes: "Enable Rules" and "Unmatched requests passthrough".

    See picture below for reference:

    0 讨论(0)
  • 既然无缘
    2020-11-29 00:39

    The Chrome setting you refer to is to disable the same origin policy.

    This was covered in this thread also: Disable firefox same origin policy

    about:config -> security.fileuri.strict_origin_policy -> false

    0 讨论(0)
  • 南笙
    2020-11-29 00:42

    Best Firefox Addon to disable CORS as of September 2016: https://github.com/fredericlb/Force-CORS/releases

    You can even configure it by Referrers (Website).

    0 讨论(0)
  • 情歌与酒
    2020-11-29 00:42

    For anyone finding this question while using Nightwatch.js (1.3.4), there's an acceptInsecureCerts: true setting in the config file:

    firefox: {
      desiredCapabilities: {
        browserName: 'firefox',
        alwaysMatch: {
          // Enable this if you encounter unexpected SSL certificate errors in Firefox
          acceptInsecureCerts: true,
          'moz:firefoxOptions': {
            args: [
              // '-headless',
              // '-verbose'
            ],
          }
        }
      }
    },

    0 讨论(0)
  • 梦谈多话
    2020-11-29 00:46

    Check out my addon that works with the latest Firefox version, with beautiful UI and support JS regex: https://addons.mozilla.org/en-US/firefox/addon/cross-domain-cors

    Update: I just add Chrome extension for this https://chrome.google.com/webstore/detail/cross-domain-cors/mjhpgnbimicffchbodmgfnemoghjakai

    0 讨论(0)
 看不清?
提交回复
热议问题