搜尋 Mozilla 技術支援網站

防止技術支援詐騙。我們絕對不會要求您撥打電話或發送簡訊,或是提供個人資訊。請用「回報濫用」功能回報可疑的行為。

了解更多

how to disable web security in firefox

  • 2 回覆
  • 2 有這個問題
  • 5 次檢視
  • 最近回覆由 dveditz

more options

Please let us know how to disable web security in mozilla firefox .

I tried re-setting the below : security.fileuri.strict_origin_policy;true

network.http.referer.XOriginPolicy

but its not working.

Whereas in chrome we have the below option to set websecurity : chromium-browser --disable-web-security

Please advice.

Please let us know how to disable web security in mozilla firefox . I tried re-setting the below : security.fileuri.strict_origin_policy;true network.http.referer.XOriginPolicy but its not working. Whereas in chrome we have the below option to set websecurity : chromium-browser --disable-web-security Please advice.

所有回覆 (2)

more options

Hi,

I understand that you would like to know how to disable web security in Firefox and you have tried: security.fileuri.strict_origin_policy;true and network.http.referer.XOriginPolicy. These are cross domain single origin policy that refers to a specific header int HTTP. 

The chromium-browser --disable-web-security essentially does the same thing. (Ideally) It seems from a couple of sources that this does not actually disable Cors as well? Hence (https://bugzilla.mozilla.org/show_bug.cgi?id=1039678)

Please do report back with what you find!

EDit: It sounds like the feature you are looking for has not been implemented yet.

由 guigs 於 修改

more options

As guigs2 said there's currently no equivalent to chrome's --disable-web-security feature; bug 1039678 is the feature request for it.

security.fileuri.strict_origin_policy -- changes only the handling of locally opened file:// urls. if you set that to false then any saved web page can read every other file on your disk including sensitive data in your Firefox profile. Not recommended!

network.http.referer.XOriginPolicy -- allows you to block sending the Referer header when loading a resource from a different base domain (1) or different host (2).

Neither have anything to do with CORS headers