Firefox: Disable XSS protection for a specific (locally stored!) HTML file ?


R.Wieser
April 2nd 17, 09:01 AM
Hello All,

Using FireFox, is there a way to allow a specific, locally stored
HTML-with-scripting file to access whatever websites it wants ?

Currently any attempt from the locally-stored and started by double-clicking
the file itself (displayed as a "file:///...." in the browser's address bar)
to use an XMLHttpRequest to retrieve data from a(nother) website is
disallowed due to XSS protection -- which I normally consider to be a good
thing. Just not in this particular case. :-)

By the way: I don't really want to remove the protection for *all*
locally-stored HTML pages, as that could (and probably would) cause troubles
with *saved* webpages (as opposed to pages I've created myself).

Regards,
Rudy Wieser

VanguardLH[_2_]
April 2nd 17, 10:53 AM
"R.Wieser" wrote:

> Using FireFox, is there a way to allow a specific, locally stored
> HTML-with-scripting file to access whatever websites it wants ?
>
> Currently any attempt from the locally-stored and started by double-clicking
> the file itself (displayed as a "file:///...." in the browser's address bar)
> to use an XMLHttpRequest to retrieve data from a(nother) website is
> disallowed due to XSS protection -- which I normally consider to be a good
> thing. Just not in this particular case. :-)
>
> By the way: I don't really want to remove the protection for *all*
> locally-stored HTML pages, as that could (and probably would) cause troubles
> with *saved* webpages (as opposed to pages I've created myself).

https://www.phillips321.co.uk/2012/03/01/xss-browser-filters-disabling-it-for-app-testing/

It's either all on or all off. No per-site setting. Rather than toggle
a global setting, looks like you can modify your JavaScript along with
headers to allow cross-domain access as long as the script is still
on-domain.

https://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/
https://en.wikipedia.org/wiki/Cross-origin_resource_sharing
https://www.html5rocks.com/en/tutorials/cors/

The Firefox newsgroup is over at ---.
.-----------------------------------'
'---> mozilla.support.firefox

However, coding HTML web pages to do Javascripting across domains for
requests is something better suited to a newsgroup that discusses web
programming. The Firefox newsgroup is for support of users, not
programmers.

R.Wieser
April 2nd 17, 12:20 PM
Vanguard,

> It's either all on or all off. No per-site setting.

Yeah, I already found some links about that (which I duly skipped), which
was why I was so specific about that per-file enabling.

As for CORS ? That seems to need the cooperation of the server, which I
have no control over. In other words: not a preferred solution.

> The Firefox newsgroup is over at ---.

Now you mention it ...

I'm already trying to figure out where to post low-level programming stuff
(SSL3 NSS3 DLL related, specifically how to verify a returned SSL
certificate), but have not found an appropriate group for that.

Thanks,

Regards,
Rudy Wieser


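
An added example, not part of the original thread: a simplified JavaScript model of the check a browser applies before letting script read a cross-origin XMLHttpRequest response, showing why a page opened from file:// is blocked and why CORS depends on the headers the server returns. The function names and sample URLs are constructed for illustration, and the model covers only simple requests (no preflight).

```javascript
// Simplified model of the browser's CORS check for a "simple" cross-origin
// request (no preflight). Names and URLs are constructed for illustration.

// Serialize a page's origin the way it is sent in the Origin request header.
// Pages loaded from file: have an opaque origin, which is sent as "null".
function serializeOrigin(pageUrl) {
  const u = new URL(pageUrl);
  if (u.protocol !== "http:" && u.protocol !== "https:") return "null";
  return u.origin; // scheme://host[:port]
}

// Decide whether script on pageUrl may read a response from targetUrl.
// responseHeaders: object keyed by lower-case header name, as sent by the server.
function mayReadResponse(pageUrl, targetUrl, responseHeaders, withCredentials = false) {
  const origin = serializeOrigin(pageUrl);
  // Same origin: the same-origin policy allows the read, CORS is not involved.
  if (origin !== "null" && origin === new URL(targetUrl).origin) {
    return { allowed: true, reason: "same-origin" };
  }
  const acao = responseHeaders["access-control-allow-origin"];
  if (acao === undefined) {
    return { allowed: false, reason: "server sent no Access-Control-Allow-Origin" };
  }
  if (acao === "*") {
    // The wildcard is not honoured for credentialed requests.
    return withCredentials
      ? { allowed: false, reason: "wildcard not valid with credentials" }
      : { allowed: true, reason: "wildcard" };
  }
  if (acao !== origin) {
    return { allowed: false, reason: "Access-Control-Allow-Origin does not match " + origin };
  }
  if (withCredentials && responseHeaders["access-control-allow-credentials"] !== "true") {
    return { allowed: false, reason: "credentials not allowed by server" };
  }
  return { allowed: true, reason: "origin echoed by server" };
}

// Constructed cases: a local file against a server without and with CORS headers.
const localPage = "file:///home/user/mypage.html";
console.log(mayReadResponse(localPage, "https://example.com/data", {}));
console.log(mayReadResponse(localPage, "https://example.com/data",
  { "access-control-allow-origin": "*" }));
```

A server that answers with `Access-Control-Allow-Origin: null` would admit every opaque-origin context (any local file, sandboxed frames), not just one chosen file, which is why that value is discouraged on the server side.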
