Beware the Same Origin Policy

March 28th, 2013 at 11:03

Recently I have been working on a search interface which should parse the JSON returned from a particular ajax call.

Ajax requests are subject to the same origin policy, of course, so that “the request can not successfully retrieve data from a different domain, subdomain, or protocol.” A different port counts as a different origin as well, which is the case that bites most often when both the page and the API live on your own machine.

This is all good stuff, of course, but it gets in the way in a development environment, for example when the page you are working on and the API it calls are served from different origins on your local machine.

Googling suggests that the same origin policy restriction can be disabled in your browser, in Firefox for example via the about:config preference security.fileuri.strict_origin_policy. Note the “fileuri” in the name: that preference only governs pages loaded from file:// URLs and has no effect on pages served over http://, so it will not help with an Ajax call from a locally hosted page.

This did not work for me but fortunately a kind person by the name of Josef Pfleger has written a Firefox add-on named Force CORS. Strictly speaking it does not disable the same origin policy; it makes every cross-origin response look as though the server had opted in to CORS, so the browser hands the data to your page. To quote the add-on page: “This simple extension adds the Cross Origin Resource Sharing (CORS) Access-Control- HTTP headers to responses to allow cross domain calls”.

The add-on works a treat and I recommend it for Ajax development. Obviously you wouldn’t want this enabled for general web browsing: while it is on, any page you visit can read responses from any other site you happen to be logged into, which is exactly what the same origin policy exists to prevent. Thankfully, should you forget, the add-on is disabled when the browser is restarted by default. If you control the API you are calling, the cleaner fix is to have the development server itself send Access-Control-Allow-Origin for your local front end’s origin, so nothing in the browser needs to be weakened at all.

