禁用firefox同源策略 [英] Disable firefox same origin policy
问题描述
我正在开发一个本地的研究工具,要求我关闭Firefox的同源策略(就脚本访问而言,我不太在意跨域请求)。
更具体地说,我希望主机域中的脚本能够访问页面中嵌入的任何iframe中的任意元素,而不管它们的域名是什么。
我知道之前的Q& As提到了CORS FF扩展,但这不是我所需要的,因为它只允许CORS,而不允许脚本访问。
如果不能很容易地完成,我还要感谢任何见解,指向我可以修改以禁用SOP的FF src代码的特定部分,以便我可以重新编译FF。
有一个Firefox扩展,它将CORS头文件添加到最新的Firefox( build 36.0.1 )发布 2015年3月5日。
我测试了它,它在Windows 7和Mavericks上都有效。
1)获取扩展名
您可以从此处下载xpi (作者建立)或从这里
(镜像,可能不会更新)。
或者下载文件从GitHub。
现在它也在Firefox Marketplace上:此处下载。在这种情况下,你点击安装后安装插件,你可以跳到步骤4.
如果你下载了xpi,你可以跳到步骤3。
$ b 2)构建xpi
你需要解压zip,进入cors-everywhere-firefox-addon-master文件夹,选择所有项目并压缩它们。
然后,将创建的zip文件重命名为* .xpi
注意:如果您使用的是OS X gui,可能会创建一些隐藏文件,使用命令行更好。
3)安装xpi
你可以将xpi拖放到firefox中,或者进入about:addons,点击右上角的cog,选择从文件中添加,然后选择你的.xpi文件。现在,重新启动firefox。
$ b
4)让它工作
该扩展将不会在默认情况下工作。您需要将扩展名图标拖到扩展栏上,但不用担心。有图片!
- 点击Firefox菜单
- 点击自定义
- 将CorsE拖到栏中
- 现在,点击图标,绿色的时候,任何HTTP响应
5)测试是否正常工作
jQuery
$。get(http://example.com/,function(data){
console.log(data );
});
JavaScript
xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function(){
if(xmlhttp.readyState == 4){
console.log(xmlhttp.responseText);
}
}
xmlhttp.open(GET,http://example.com/);
xmlhttp.send();
6)最后的考虑
请注意, https to http是不允许的
a>。可能有一个解决方法,但是它是在问题的范围之后。
I'm developing a local research tool that requires me to turn off Firefox's same origin policy (in terms of script access, I don't really care about cross domain requests).
More specifically, I want scripts in the host domain to be able to access arbitrary elements in any iframes embedded in the page, regardless of their domain.
I'm aware previous Q&As which mentioned the CORS FF extension, but that is not what I need, since it only allows CORS, but not script access.
If it cannot be done easily, I would also appreciate any insights that point me to specific part of FF src code that I can modify to disable SOP, so that I can recompile FF.
There's a Firefox extension that adds the CORS headers to any HTTP response working on the latest Firefox (build 36.0.1) released March 5, 2015. I tested it and it's working on both Windows 7 and Mavericks. I'll guide you throught the steps to get it working.
1) Getting the extension
You can either download the xpi from here (author builds) or from here (mirror, may not be updated).
Or download the files from GitHub. Now it's also on Firefox Marketplace: Download here. In this case, the addon is installed after you click install and you can skip to step 4.
If you downloaded the xpi you can jump to step 3. If you downloaded the zip from GitHub, go to step 2.
2) Building the xpi
You need to extract the zip, get inside the "cors-everywhere-firefox-addon-master" folder, select all the items and zip them. Then, rename the created zip as *.xpi
Note: If you are using the OS X gui, it may create some hidden files, so you 'd be better using the command line.
3) Installing the xpi
You can just drag and drop the xpi to firefox, or go to: "about:addons", click on the cog on the top right corner and select "install add on from file", then select you .xpi file. Now, restart firefox.
4) Getting it to work
Now, the extension won't be working by default. You need to drag the extension icon to the extension bar, but don't worry. There are pictures!
- Click on the Firefox Menu
- Click on Customise
- Drag CorsE to the bar
- Now, click on the icon, when it's green the CORS headers will be added to any HTTP response
5) Testing if it's working
jQuery
$.get( "http://example.com/", function( data ) {
console.log (data);
});
JavaScript
xmlhttp=new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4) {
console.log(xmlhttp.responseText);
}
}
xmlhttp.open("GET","http://example.com/");
xmlhttp.send();
6) Final considerations
Note that https to http is not allowed.
There may be a way around it, but it's behind the scope of the question.
这篇关于禁用firefox同源策略的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
