Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

how to disable web security in firefox

  • 2 tontu
  • 2 am na jafe-jafe bii
  • 5 views
  • i mujjee tontu mooy dveditz

more options

Please let us know how to disable web security in mozilla firefox .

I tried re-setting the below : security.fileuri.strict_origin_policy;true

network.http.referer.XOriginPolicy

but its not working.

Whereas in chrome we have the below option to set websecurity : chromium-browser --disable-web-security

Please advice.

Please let us know how to disable web security in mozilla firefox . I tried re-setting the below : security.fileuri.strict_origin_policy;true network.http.referer.XOriginPolicy but its not working. Whereas in chrome we have the below option to set websecurity : chromium-browser --disable-web-security Please advice.

All Replies (2)

more options

Hi,

I understand that you would like to know how to disable web security in Firefox and you have tried: security.fileuri.strict_origin_policy;true and network.http.referer.XOriginPolicy. These are cross domain single origin policy that refers to a specific header int HTTP. 

The chromium-browser --disable-web-security essentially does the same thing. (Ideally) It seems from a couple of sources that this does not actually disable Cors as well? Hence (https://bugzilla.mozilla.org/show_bug.cgi?id=1039678)

Please do report back with what you find!

EDit: It sounds like the feature you are looking for has not been implemented yet.

guigs moo ko soppali ci

more options

As guigs2 said there's currently no equivalent to chrome's --disable-web-security feature; bug 1039678 is the feature request for it.

security.fileuri.strict_origin_policy -- changes only the handling of locally opened file:// urls. if you set that to false then any saved web page can read every other file on your disk including sensitive data in your Firefox profile. Not recommended!

network.http.referer.XOriginPolicy -- allows you to block sending the Referer header when loading a resource from a different base domain (1) or different host (2).

Neither have anything to do with CORS headers