有人可以告诉我如何在Firefox上允许CORS?我很容易在Chrome和IE上管理它,但我完全失败了与Firefox。我编辑了以下关于:config条目
security.fileuri.strict_origin_policy = false此尝试已在此发布多次,并在其他网站上被告知,但它没有效果。我阅读了Mozilla的同源策略指南:
developer.mozilla/en-US/docs/Web/HTTP/Access_control_CORS
,但它只是说明CORS和相关主题。未列出在FF上启用它的解决方法。
我真的很感谢一个明确的解决方案。
ps:FORCECORS无法以某种方式工作...
解决方案对浏览器不执行任何操作。 默认情况下,在所有现代浏览器(以及Firefox 3.5)上支持CORS。
JavaScript访问的服务器必须通过CORS HTTP响应标头为托管HTML文档的站点提供JS运行权限。
security.fileuri.strict_origin_policy 用于在本地HTML文档中为JS提供对整个硬盘的访问权限。不要将其设置为 false ,因为它容易受到下载的HTML文档(包括电子邮件附件)的攻击。
Can somebody please tell me how I allow CORS on firefox? I easily managed it on Chrome and IE, but I am totally failing at it with Firefox. I edited the following about:config entry
security.fileuri.strict_origin_policy = falseThis attempt has been posted several times here and is told on other sites too, but it has no effect. I read the Mozilla guide to Same-origin-policies:
developer.mozilla/en-US/docs/Web/HTTP/Access_control_CORS
but it just explains CORS and the related topics. A workaround to enable it on FF is not listed.
I would really appreciate a definitive solution.
ps: FORCECORS does not work either somehow...
解决方案Do nothing to the browser. CORS is supported by default on all modern browsers (and since Firefox 3.5).
The server being accessed by JavaScript has to give the site hosting the HTML document in which the JS is running permission via CORS HTTP response headers.
security.fileuri.strict_origin_policy is used to give JS in local HTML documents access to your entire hard disk. Don't set it to false as it makes you vulnerable to attacks from downloaded HTML documents (including email attachments).
更多推荐
如何在Firefox上启用CORS?
发布评论