Reputation: 19825
Cross-domain communication using a Firefox addon
Firefox addons allow you to do cross-domain communication.
Is there any way to expose this function so I can initiate cross-domain ajax from any page (given I have installed this addon)?
Edit: I know what is CORS, and CORS only make sense when you have control the server, but I don't. The point here is I control the browser, I bear the risk so I am asking if anyway to export the cross-domain function from addon stage to the userland.
Upvotes: 9
Views: 7932
Answers (5)
Reputation: 12592
You might be able to make use of this gem: https://github.com/progrium/localtunnel
Upvotes: 1
Reputation: 4350
As you have said, the same origin policy only serves to protect the client (yourself), usually from XSS attacks.
I'm not sure what you're trying to achieve with the addon, but you can certainly try doing the following on your own machine. By changing the settings on firefox, you can ignore the same origin policy.
If you're trying to develop a plugin that allows cross domain access (and thus potentially open up vulnerabilities in your client-base), you may need to employ some unorthodox tricks. I can think of a couple ways, but like CORS, you will need access to SOME server at least. You can essentially create a proxy that fetches the resources on your server instead. Ie, the users of your plugin hits http://yourwebsite.com/?url=http://someotherwebsite.com/resource.
I can think of no way to do a client-side only solution.
Upvotes: 5
Reputation: 6131
Userscripts have cross-domain XMLHttpRequest, and they will even run on all browsers.
Upvotes: 0
Reputation: 5110
Cross domain communication aka CORS (Cross Origin Resource Share) is only possible if the server allows it, and the browser supports it.
Easy reading in this Wikipedia article
Heavy reading in this W3C document which is still a working draft.
I have used CORS now for a year in the C# Webserver. I noticed whenever I do not add the CORS headers on the server side, I run into the same origin policy. Even when requesting to the same IP address but a different port.
If the server does not support CORS, you may find your cross domain requests to fail
EDIT:
I recently learned that the same domain policy can be worked around using Yahoo! Query Language (YQL). See the link for more information.
See this SO item for an example Cross Domain Post method ajax call using jquery with xml response
Upvotes: 2
Reputation: 3348
Do you have access to the other server?? JSONP it's generally a good idea if you have access.
http://en.wikipedia.org/wiki/JSONP
Upvotes: -1
Related Questions
- Unable to send cross-domain request in `Firefox` extension
- Firefox WebExtensions and Cross-domain privileges
- Mozilla Addon Development - Communicating between windows with different domains
- Problems with my Firefox addon and cross domain https
- Firefox Add-on SDK and Cross-domain
- Making crossdomain ajax requests with addons for Firefox
- Cross-Page communication in firefox extension
- Iframe cross domain communication and chromeless domain
- Communicating to server from Firefox extension
- How do I authorize users (logged into my website) to use my firefox addon