Updated 2009-12-13: This post seems to be the most popular of those from the old incarnation of this blog. As such I’ve decided to migrate it over. Unfortunately I can’t migrate the comments as well. One comment which seems that it might be useful comes from stefano (I’ve editorialized somewhat):

Good trick, but there’s an easier way to enable cross domain without editing config files by hand. Type “about:config” in your URL bar, then right click on the list of preferences and select the NewString contextual menu. Add capability.policy.default.XMLHttpRequest.open as key name and allAccess as value. I do not remember if this is taken into account immediately or if you have to reboot. Done!

I’m also not positive if this works in newer versions of Firefox, and I haven’t tested it. Feel free to let everybody know in the comments.

Tonight I have finally conquered one of the biggest annoyances of the past year for me (in terms of development at least). Developing web applications with Firefox is a pleasure because of the firebug extension. Nothing comes close in Safari. Unfortunately, Firefox doesn’t allow cross-domain XMLHttpRequests for security reasons. While good security is a plus, this restriction can make development and testing a real chore. For those of us willing to risk the security vulnerability, here is how to bypass the cross-domain restriction once and for all.

  1. Close Firefox

  2. Edit the file prefs.js in your Firefox user profile folder

  3. Add the following line anywhere in the file:

    user_pref("capability.policy.default.XMLHttpRequest.open",
              "allAccess");
    
  4. Save the file and re-open Firefox. You can now risk your life and limb by doing XHR’s to whatever domains you want – congratulations!