Updated 2009-12-13: This post seems to be the most popular of those from the old incarnation of this blog. As such I’ve decided to migrate it over. Unfortunately I can’t migrate the comments as well. One comment which seems that it might be useful comes from [stefano](http://myblog.digitalemagine.com/) (I’ve editorialized somewhat): > Good trick, but there’s an easier way to enable cross domain without > editing config files by hand. Type “about:config” in your URL bar, > then right click on the list of preferences and select the *New* -> > *String* contextual menu. Add > **capability.policy.default.XMLHttpRequest.open** as key name and > **allAccess** as value. I do not remember if this is taken into > account immediately or if you have to reboot. Done! I’m also not positive if this works in newer versions of Firefox, and I haven’t tested it. Feel free to let everybody know in the comments.

Tonight I have finally conquered one of the biggest annoyances of the past year for me (in terms of development at least). Developing web applications with Firefox is a pleasure because of the “firebug extension”:http://getfirebug.com/. Nothing comes close in Safari. Unfortunately, Firefox doesn’t allow cross-domain XMLHttpRequests for security reasons. While good security is a plus, this restriction can make development and testing a real chore. For those of us willing to risk the security vulnerability, here is how to bypass the cross-domain restriction once and for all.

#

Close Firefox \#

Edit the file **prefs.js** in your Firefox user profile folder \#

Add the following line anywhere in the file: 

user_pref("capability.policy.default.XMLHttpRequest.open",
          "allAccess");
\#

Save the file and re-open Firefox. You can now risk your life and limb by doing XHR (XMLHttpRequests)’s to whatever domains you want - congratulations!